MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 86285175faffed365a75800e1f08333dede6f568027a3f397bd77efb13ebb0fc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 86285175faffed365a75800e1f08333dede6f568027a3f397bd77efb13ebb0fc
SHA3-384 hash: 3be2e0e7f986e14dc04f4e2408fffd3c3c07ef7525d96cdc526fcaca02d498fff88d102e8908ac5c1647a200620c8cad
SHA1 hash: 7f432b972fa0c4538467f36dcfa5ba075022e4d5
MD5 hash: a3c4df7516653a739819c499bac58bd1
humanhash: glucose-red-uranus-nitrogen
File name: c.sh
File size: 393 bytes
First seen: 2025-05-02 19:27:07 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:3J3HA8LqxHAKNIl5zAxHA30LKjxHM2CxHMqxH7iAUn:3J3g8LtKNI7ziKXy2n
TLSH T1C1E022BC219A228F93249E11F03FC2087473EBCA7070CE12E02A3029B5842217832F07
Magika txt
Reporter abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://213.209.143.44/arm5 | 829188885aebea92bb695e713ffb1b1dd889bb7f59d4774cfd61f0b3be2eb98f | Mirai | elf mirai
http://213.209.143.44/arm6 | 32ee9608c05bd0b9e569a4be873e4c82bcb1ad7c63e408c2c43cd3e9859bf4f4 | Mirai | elf mirai
http://213.209.143.44/arm7 | d272c1dc14542558532ea0b5f242882a062f2f0fe15f1ad51390507972f6f462 | Mirai | elf mirai
http://213.209.143.44/mips | 2d8559c3a323ebfd0536bf99910632c2b4ce22e557553ad2dd88d63dda06fcc2 | Mirai | elf mirai
http://213.209.143.44/mipsel | a28ef23eab368ee0cf4c519dc023f8ea21f2ab99e3cb4c2b7961ddefe8d4ba1a | Mirai | elf mirai
http://213.209.143.44/x86 | 5b28f780409f28c7947f3984accd20a33bcf043af7a4918082ffa10fbb05b1dd | Mirai | elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 94
Origin country: DE

Vendor Threat Intelligence
Threat name: Linux.Downloader.SAgnt
Status: Malicious
First seen: 2025-05-02 19:28:08 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 86285175faffed365a75800e1f08333dede6f568027a3f397bd77efb13ebb0fc

(this sample)

  
Delivery method: Distributed via web download
