MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c02963fdb148b9a2bf9b9913fa1db9a62dabaf47b281cef30ce83efa4e9675f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	7c02963fdb148b9a2bf9b9913fa1db9a62dabaf47b281cef30ce83efa4e9675f
SHA3-384 hash:	4399da938390eeee629cf569f8cdc6a745e7524c80c77c346555fbbf3ce51b0fa3a3ab946e5abf3f55dcd35ddba22e70
SHA1 hash:	2a3324a3934bd9090b48848dd4414587f6ec28ad
MD5 hash:	893db1db87c15c811f563090fa1d737f
humanhash:	arkansas-charlie-green-uniform
File name:	w
Download:	download sample
Signature	Mirai Create hunting rule
File size:	1'014 bytes
First seen:	2025-12-10 00:37:51 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	24:QXzFkVrFl5fVrFGVrF1VrFApVrFJVrFwVrFvVrFTVrFWVrFAJVk:QjeVrf1VrYVrPVriVrPVruVrJVrlVrMZ
TLSH	T1A31160BC070A6DB88088D83A7292C90D30E24FCF143BDB906E69217D30E05DE7132E0A
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://213.209.143.64/splarm	96f1feeb93c3a7452740a6f7914e10411b7f8bbc90a9560f4788f3c4ac61c4d0	Mirai	elf mirai ua-wget
http://213.209.143.64/splarm5	2a9500af556d33ba63010baf25c7889f3820cfb3ae73bf1e8c9308c6687a3d86	Mirai	elf mirai ua-wget
http://213.209.143.64/splarm6	fa9c55993474f595798a26c92346219f18341bc7ac8ead9effa655a2db87a6fe	Mirai	elf mirai ua-wget
http://213.209.143.64/splarm7	9fe549c71c620f6572f5c8815dea0d4401af11397444ada0cda8bd2b0fbc1efe	Mirai	censys elf mirai ua-wget
http://213.209.143.64/splm68k	740a18e3bb9cfcecf723aa78a34f61a0cdcf14052cac32d7433c4a15702c8a26	Mirai	elf mirai ua-wget
http://213.209.143.64/splmips	a14a4bdd8fbe5df29323e1a83629537f8bc9f6e905e52ae5f75b3ea1608ab001	Mirai	elf mirai ua-wget
http://213.209.143.64/splmpsl	e68a84f78ecbc3f02c3951dddb5a13f57ebe9401bd2ac2481c05b90b575045ec	Mirai	elf mirai ua-wget
http://213.209.143.64/splppc	4c689b24ad8a92dbbc7f119463a5930582dd9d631fd770952d6e7c8afd664b02	Mirai	elf mirai ua-wget
http://213.209.143.64/splsh4	6b168ba9afee5a8545ec17f32e29d629ac637b9441b40924668381b6e12151f4	Mirai	elf mirai ua-wget
http://213.209.143.64/splspc	4f3e28de824c6a494e8e3846fdf94e88e9980f7c8436d702c1a98cde64ba7989	Mirai	elf mirai ua-wget
http://213.209.143.64/splx86	d15385b030e4bf574cd2f6f1d1f4131881c7f198aebbe444f72bc9e83cd1a959	Mirai	censys elf mirai ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/6938e24bcf690d27f3da75f1/reports/1600e0bd-c2f6-496a-8c13-c1155403d8e6/overview

Verdict:

Suspicious

Labled as:

Linux/Downloader.p

Link:

https://www.hybrid-analysis.com/sample/7c02963fdb148b9a2bf9b9913fa1db9a62dabaf47b281cef30ce83efa4e9675f

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-12-09T23:02:00Z UTC

Last seen:

2025-12-09T23:34:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/7c02963fdb148b9a2bf9b9913fa1db9a62dabaf47b281cef30ce83efa4e9675f/results?tab=lookup

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/80caac91-aeb0-473d-8216-13e8df566571

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/7c02963fdb148b9a2bf9b9913fa1db9a62dabaf47b281cef30ce83efa4e9675f

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7c02963fdb148b9a2bf9b9913fa1db9a62dabaf47b281cef30ce83efa4e9675f/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/7c02963fdb148b9a2bf9b9913fa1db9a62dabaf47b281cef30ce83efa4e9675f

Threat name:

Win32.Trojan.Egairtigado

Status:

Malicious

First seen:

2025-12-10 01:10:29 UTC

File Type:

Text (Shell)

AV detection:

12 of 24 (50.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pqbjmp63csfzuk7zxgit7io3tjrnvoxupmubz3zqz2b67jhjm5pq._file

Result

Malware family:

n/a

Score:

9/10

Tags:

credential_access defense_evasion discovery linux

Link:

https://tria.ge/reports/251210-dhg7mscx5d/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Changes its process name

Reads system network configuration

Reads process memory

Enumerates active TCP sockets

Enumerates running processes

File and Directory Permissions Modification

Executes dropped EXE

Renames itself

Contacts a large (36057) amount of remote hosts

Creates a large amount of network flows

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7c02963fdb148b9a2bf9b9913fa1db9a62dabaf47b281cef30ce83efa4e9675f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh 7c02963fdb148b9a2bf9b9913fa1db9a62dabaf47b281cef30ce83efa4e9675f

(this sample)

Mirai

elf 162aab4bfa96b1b69cc61a3bf0a6fdfcd8774a5a455c96ba2c21c07fbe43b6bf

URLhaus

https://urlhaus.abuse.ch/url/3726315/

Delivery method

Distributed via web download

Dropping

MD5 d415edc41431f8d2fcfb463fe2d117e2

Dropping

SHA256 162aab4bfa96b1b69cc61a3bf0a6fdfcd8774a5a455c96ba2c21c07fbe43b6bf

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample