MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c2c731c7f6e3be0fb0f7d4b6f2337a7daeeccb470ebfdb8d06274414e312ad3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 7c2c731c7f6e3be0fb0f7d4b6f2337a7daeeccb470ebfdb8d06274414e312ad3
SHA3-384 hash: d0f9e65f4927ffbbc6b1d7ccd3a254bd1bf67b737c6e1688cfcdfa8bda0165b6d977a17a5ce4546a24322479b7e4fc47
SHA1 hash: 0b9876cda4fe12d7c491736c06a2e0628ba0ceac
MD5 hash: 90d6c5756efb32c124dbcab3fbe00b3b
humanhash: william-california-montana-alabama
File name: telnet.sh
File size: 2'790 bytes
First seen: 2025-12-21 09:31:52 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:eSDq3SDR0SD0t7SDQhSDBkSDbqSDTiSDejSDLaSDiPSDlwSDBkSDENSDo5SD9X:BtRfRxdN5dP1Vdbx
TLSH: T1615199CC03838B315DAEDF7777A9888C7098A5E5B8D18E31D9DE7CAF448DE88A446143
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
TrID: 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2025-12-20T12:10:00Z UTC
Last seen: 2025-12-21T12:48:00Z UTC
Hits: ~10
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-12-20 16:20:21 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 7c2c731c7f6e3be0fb0f7d4b6f2337a7daeeccb470ebfdb8d06274414e312ad3 (this sample)

Delivery method: Distributed via web download
