MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8448e3fd5748e618814b8531e9339473991a18afd4f70cd109489a54ccc3fcaf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 8448e3fd5748e618814b8531e9339473991a18afd4f70cd109489a54ccc3fcaf
SHA3-384 hash: 185f51ab403b25fc13646d9c043742365029caebf3914562f175b17a077e61a16ed655a3b171d211bd29d1c11f6fec70
SHA1 hash: af6367a5c352ef086d2fea8245a286b9f7e0b776
MD5 hash: 8e58d9bb5a794a825d9a25d59ee279e1
humanhash: diet-fifteen-skylark-stairway
File name: b
File size: 203 bytes
First seen: 2026-02-18 19:05:58 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 3:TKH4vWbDdQFRsfdQF5aS8dQFnvdIBFfQF5/u5dBdQFxvZzMNGTOtIWYpDeB+aKv7:hObaIuOA9yDB2/vuLrp2Nl
TLSH T108D012C510D7A5E031FC44B331B6D91551C98A8ECE408D28DCDA35B3545DF0470D3965
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh

URL: http://103.251.236.118/multi/wget.sh
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: mirai opendir

Intelligence


File Origin
# of uploads: 1
# of downloads: 119
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph:
Threat name: Linux.Downloader.Malgent
Status: Malicious
First seen: 2026-02-18 19:11:00 UTC
AV detection: 1 of 24 (4.17%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 8448e3fd5748e618814b8531e9339473991a18afd4f70cd109489a54ccc3fcaf

(this sample)
