MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 76013487f3735ac4a83381a9533aec048e2a17868398e410b6999ccdbaf1be74. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 76013487f3735ac4a83381a9533aec048e2a17868398e410b6999ccdbaf1be74 |
|---|---|
| SHA3-384 hash: | 7eae45436b780b971b2c71b571a3dd43623823833c90a160cc35e925afd93a87975898b04fef8166ace3848676b9f26b |
| SHA1 hash: | 3fe07a079ae19f2f1ce251881da0a1a1d2fde25f |
| MD5 hash: | 7e547ab6941c852824e7aa661883a837 |
| humanhash: | ten-delta-ten-zulu |
| File name: | wget.sh |
| Download: | download sample |
| File size: | 1'116 bytes |
| First seen: | 2025-09-08 15:17:56 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 24:7dIdvJdIdmdIdxNISdIeKsdIdNdIdQdIdLTDk0dIdoDdIdTkdId7dId9/dIdZxv:1tWZp |
| TLSH | T1802158FE3339150597240A8430760510A2CBC3937BAC9B81F3AC10236D9DACDBE29F2B |
| Magika | asm |
| Reporter |  abuse_ch |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://41.216.189.108/00101010101001/sora.arm | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.arm5 | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.arm6 | n/a | n/a | elf ua-wget |
| http://41.216.189.108/bins/sora.arm7 | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.m68k | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.mips | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.mpsl | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.ppc | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.sh4 | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.spc | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.x86 | n/a | n/a | elf ua-wget |
| http://41.216.189.108/00101010101001/sora.x86_64 | n/a | n/a | elf ua-wget |
Intelligence
File Origin
# of uploads :
1
# of downloads :
30
Origin country :
DEVendor Threat Intelligence
Detection(s):
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
mirai
Verdict:
Malicious
File Type:
ps1
First seen:
2025-09-06T14:10:00Z UTC
Last seen:
2025-09-06T14:10:00Z UTC
Hits:
~10
Status:
terminated
Behavior Graph:
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Threat name:
Document-HTML.Downloader.Heuristic
Status:
Malicious
First seen:
2025-09-06 19:07:00 UTC
File Type:
Text (Shell)
AV detection:
17 of 38 (44.74%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 76013487f3735ac4a83381a9533aec048e2a17868398e410b6999ccdbaf1be74
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.