MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a14b3271df3153b79aa0388631d3b2876fc7fbbd28b2dc63ddecaa22f239e4b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA 1 File information Comments

SHA256 hash:	7a14b3271df3153b79aa0388631d3b2876fc7fbbd28b2dc63ddecaa22f239e4b
SHA3-384 hash:	c8dc6b6d1ac9c7eaf25513d3de47f07687d4c161fbd13a919cadeafd2a60924627fb1bfcb94fe8546440bfbe5b94b874
SHA1 hash:	9fdbcd1b442d6ce95c70cb4ac153ea117cb29f57
MD5 hash:	fb4c460f76a5fc569134d05bcb3853c8
humanhash:	edward-double-yankee-gee
File name:	g
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'077 bytes
First seen:	2025-08-23 02:02:17 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:E22IbO5zOt+MB0hR+kSspsmkSGhkSeZ1hkSjUkA:EAO5CEA0ikPkLkZZnklkA
TLSH	T19B116DCF59659C72DCA85D8937520C24B88EC5E425CFCE8CA6CD8135D8DDE043593F69
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://158.51.126.131/v/armv4l	e333d6098ba7af114b4e8b290f0e587592067b8e153798bf4763262d2074ad96	Mirai	elf mirai ua-wget
http://158.51.126.131/v/armv5l	79d810e67c7bd6c6669214c1c4b631829d90726886b4167a232813d8434ef3f7	Mirai	elf mirai ua-wget
http://158.51.126.131/v/armv7l	c3788d92bfc3a08dbcca4476832c46b099bcad182c56cdbccf837eb0edb6cd77	Mirai	elf mirai ua-wget
http://158.51.126.131/v/mips	d4e2e83716082a12346f565d13cc06546a099a05725f194c135f7b3839473a6c	Mirai	elf mirai ua-wget
http://158.51.126.131/v/mipsel	8db391280f5fda83a9dc476d69d093827bb72b3a90c3112679855eacabb996e1	Mirai	elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.32150.LX.BOT.UNOFFICIAL

Verdict:

Malicious

File Type:

ps1

First seen:

2025-08-22T23:13:00Z UTC

Last seen:

2025-08-22T23:13:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p

Link:

https://opentip.kaspersky.com/7a14b3271df3153b79aa0388631d3b2876fc7fbbd28b2dc63ddecaa22f239e4b/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/de1a5421-60ab-4def-bf33-d22f5b7b255d

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/7a14b3271df3153b79aa0388631d3b2876fc7fbbd28b2dc63ddecaa22f239e4b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7a14b3271df3153b79aa0388631d3b2876fc7fbbd28b2dc63ddecaa22f239e4b/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/7a14b3271df3153b79aa0388631d3b2876fc7fbbd28b2dc63ddecaa22f239e4b

Threat name:

Linux.Downloader.SAgnt

Status:

Malicious

First seen:

2025-08-23 02:04:35 UTC

File Type:

Text (Shell)

AV detection:

9 of 24 (37.50%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=piklgjy56mktw6nkaoegghj3fb3py7532kfs3rr533fkelzdtzfq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250823-chj6kafq8y/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/7a14b3271df3153b79aa0388631d3b2876fc7fbbd28b2dc63ddecaa22f239e4b

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.