MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 73da928950f56620a630ee8432bcb3c1d876face241918342cf6af3bfa2feafa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown
Vendor detections: 8

SHA256 hash: 73da928950f56620a630ee8432bcb3c1d876face241918342cf6af3bfa2feafa
SHA3-384 hash: 979b034e43ccf5dadd30ed5d572c7ed1de66b0a4567f450e2c4173aa5a7ffb44d33cf33761d9bd2ed9d0aa8406e4efa3
SHA1 hash: f6b7f13300368721614e1b3a4b3749f5d541d832
MD5 hash: 04b7b9b4d33af17fd0b3da5ced5da48c
humanhash: fruit-ack-minnesota-minnesota
File name: re
File size: 296 bytes
First seen: 2026-01-19 01:20:39 UTC
Last seen: 2026-01-19 21:15:44 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hftJ+pUKUF2RVYTeinYf53I3k2M3FoF/fkVKhOXqIKXD73IKX+N1IEWYq1IKBK0:ZtJ+jRPEYiHTF0ghsOTh4WYO80
TLSH: T19DE0C28CF853083378748CB9A7D73451950F920A6E06549A72C9620BEAE4E50B050153
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence
File Origin
# of uploads: 2
# of downloads: 79
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: unix shell
First seen: 2026-01-18T20:23:00Z UTC
Last seen: 2026-01-19T12:53:00Z UTC
Hits: ~10
Detections: Trojan-Downloader.Shell.Agent.bi, HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent

Threat name: Linux.Downloader.MiraiB
Status: Malicious
First seen: 2026-01-19 01:19:54 UTC
File Type: Text (Shell)
AV detection: 17 of 36 (47.22%)
Threat level: 3/5

Result
Malware family: n/a
Score: 9/10
Tags: defense_evasion discovery linux
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
File and Directory Permissions Modification
Executes dropped EXE
Contacts a large (71902) amount of remote hosts
Creates a large amount of network flows
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 73da928950f56620a630ee8432bcb3c1d876face241918342cf6af3bfa2feafa (this sample)

Delivery method: Distributed via web download

Comments