MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 693e032d392b074e576d3c93daae8670b82d1747debca8ccd3a109aa51f42d14. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 693e032d392b074e576d3c93daae8670b82d1747debca8ccd3a109aa51f42d14
SHA3-384 hash: 8cbebeb5db44e1f627d006899fafa4f4d0a7bf1d367896ead85617dbe66f7c7f97c305d0b18368616ad9ffecf3fc25a1
SHA1 hash: d998889b91983b5cbdb10c48d1b520bd472b2904
MD5 hash: 545b541d6a9fa2a923d31d64a0170662
humanhash: carpet-blossom-seventeen-fourteen
File name: c.sh
File size: 1'087 bytes
First seen: 2026-04-15 04:04:17 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 12:X5zFE5D5UfEEk5KNI5rEDD53cKrEf+5+kafaE+5D1DIr61HFIN1nIp1edIIenhcT:AYNILK8kAG5RUrkSXITEEc/ZSU
TLSH T1A2116DEC30A8207EBD01AE46B2B65AD4B111F1FB6D834F90E8080974F58EBF4716E744
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter adliwahid
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 44
Origin country: NL
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-04-15T01:11:00Z UTC
Last seen: 2026-04-15T01:31:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a
Threat name: Script-Shell.Trojan.Vigorf
Status: Malicious
First seen: 2026-04-15 04:06:18 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm credential_access defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

sh 693e032d392b074e576d3c93daae8670b82d1747debca8ccd3a109aa51f42d14 (this sample)
