MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 6a253112430db5ba263f7483e8a3f3088004e7993d9eae996dede1b350715bfb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | 6a253112430db5ba263f7483e8a3f3088004e7993d9eae996dede1b350715bfb |
|---|---|
| SHA3-384 hash: | b2d68cc044140c29355ac558a9a47f5bf16bdb7561ba11dce9b60dee18882644a8c7e65a35d8a04957e74c1623f4e6c0 |
| SHA1 hash: | 6fe2b909f857f02910f7e30310ca44bfcb44e750 |
| MD5 hash: | c8c2e2286130ab73cc24f9a1129fd0a8 |
| humanhash: | crazy-hot-jupiter-georgia |
| File name: | r.sh |
| File size: | 235 bytes |
| First seen: | 2025-11-30 08:36:48 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/x-shellscript |
| ssdeep | 3:TKH4ow4NLyRK5qRXpsJ1HXHl3zSAULW5MXzXSHqqRXpsJ1HXHeBzSAULWTXXoK1:howNwxzHlQW5mzXSAzHeeWbXoK1 |
| TLSH | T1A1D092EEB27812B0C8CCFB206DE18A6844017B88F58A0FF9980FA135C074EF16012684 |
| TrID | 70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1) |
| Magika | shell |
| Reporter | |
| Tags: | sh |
Shell script dropper
This file appears to be a shell script dropper that uses wget, ftpget and/or curl. More information about the corresponding payload URLs is shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://212.85.24.46:82/irannet.mipsel | 3850e949caaa065013d3cd154c5aa29092ee72b5ce68a087e9079b60e89cb2e4 | Mirai | elf geofenced mirai ua-wget USA |
| http://212.85.24.46:82/irannet.mips | 6b6299d1004bff5762d6d60160154368d0ae0a364370cc684f57a2a65fa13f30 | Mirai | elf geofenced mirai ua-wget USA |
Intelligence
File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox mirai
Result
Gathering data
Status: Failed
Score: 98%
Verdict: Malware
File Type: SCRIPT
Detection(s): Suspicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 6a253112430db5ba263f7483e8a3f3088004e7993d9eae996dede1b350715bfb
(this sample)
Delivery method
Distributed via web download