MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 6d29e4352ae66c81057ee4ca4434857ca062ca4617442d969acd42adf46de0e8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 7
| SHA256 hash: | 6d29e4352ae66c81057ee4ca4434857ca062ca4617442d969acd42adf46de0e8 |
|---|---|
| SHA3-384 hash: | 836e693549c6221d0feb2185e29e91d044489f3fcb9eb876ffd30ae25970b952913bfcfd04774673d3a4c392bcadc265 |
| SHA1 hash: | ccc5c3cacece29f225526b66afbaea000cb47958 |
| MD5 hash: | 246a5fa21f25f4461a89ca53040f4600 |
| humanhash: | purple-tennis-oranges-cold |
| File name: | massload |
| Download: | download sample |
| File size: | 3'191 bytes |
| First seen: | 2025-11-21 20:38:35 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 48:QvZi4whMSGdnHxDUPUq5EIIICmvYTndPrHcYHcPBr5JMIVMICiz8Wv+156fPgf9:AZijlZz3C1 |
| TLSH | T18E61D7A83BD1573B82C68F47F221BA697B0F99CED8850ED865DF68F5CAAC8047031517 |
| Magika | shell |
| Reporter |  abuse_ch |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://103.146.23.141/mips | 8940a2d83740ea74154a6ede90488eb87e10ca22f092597e9c27f00ae380f8cb | Mirai | elf geofenced mips mirai ua-wget USA |
| http://103.146.23.141/mpsl | 5add3655c138947e54f6e93f583e7704a9a33ea87a1c76eb5322358d9d6d992e | Mirai | elf geofenced mips mirai ua-wget USA |
| http://103.146.23.141/arm4 | fe97cfdc07d40ad61d688edb30b6d7fdb500c0d6db85f7d1f9e639173922f4ab | Mirai | arm elf geofenced mirai ua-wget USA |
| http://103.146.23.141/arm5 | 5b94659fba807f800bca96cbf40d6be1da4306e21b0f6f2579c41f70585690e9 | Mirai | arm elf geofenced mirai ua-wget USA |
| http://103.146.23.141/arm7 | 21c9e1189e8447ddb5e233401d47ac4be0321d988e081a75a074d4414cf1a5a8 | Mirai | arm elf geofenced mirai ua-wget USA |
| http://103.146.23.141/powerpc | 102596c6c0ac0201bb8eff29e1e210540f192026927a79e23d27b11dc25e4b33 | Mirai | elf geofenced mirai PowerPC ua-wget USA |
Intelligence
File Origin
# of uploads :
1
# of downloads :
44
Origin country :
DEVendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
busybox mirai
Verdict:
Malicious
Labled as:
Bash.MiraiA.Generic
Verdict:
Malicious
File Type:
text
First seen:
2025-11-21T18:59:00Z UTC
Last seen:
2025-11-22T08:32:00Z UTC
Hits:
~10
Status:
terminated
Behavior Graph:
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Threat name:
Script-Shell.Worm.Mirai
Status:
Malicious
First seen:
2025-11-21 21:23:30 UTC
File Type:
Text (Shell)
AV detection:
13 of 38 (34.21%)
Threat level:
5/5
Detection(s):
Suspicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 6d29e4352ae66c81057ee4ca4434857ca062ca4617442d969acd42adf46de0e8
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.