MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8c51a2cf33720cd5afa5739816bd52b0dd2ce2a2f27601ea6b3672da0de5c98d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 8c51a2cf33720cd5afa5739816bd52b0dd2ce2a2f27601ea6b3672da0de5c98d
SHA3-384 hash: 995b0e7ab5e3a07099df4147c6e5dc83b14852866af9977530a57db27d79144266275004c1405a5690051cc959a22d35
SHA1 hash: 0cf4ffbee4914729c9d585af95afb32854a9fd89
MD5 hash: fdf49c199d004f0df236984852106d71
humanhash: cola-oscar-thirteen-happy
File name: f
File size: 136 bytes
First seen: 2026-07-02 02:30:57 UTC
Last seen: 2026-07-02 09:24:49 UTC
File type: sh
MIME type: text/plain
ssdeep: 3:LrJZARFpnhFVTyGBzSEyLTUWnD9nhFVT8TBzSE8eUwn:LrJ+jphvxI/D9hvcZn
TLSH: T1D9C08CAB04A820048281EC927863423F329FDBC01024270CD2C83523CC84000F820EC5
Magika: shell
Reporter: abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://217.60.195.160/mipsn/an/a | (this sample) | botnet | mirai
http://217.60.195.160/mpsln/an/a | (this sample) | botnet | mirai

Intelligence


File Origin
# of uploads: 176
# of downloads: 8
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: downloader mirai
Status: terminated
Behavior Graph: (graph data not rendered; nodes show /usr/bin/sudo launching /tmp/sample.bin, which executes /usr/bin/rm, /usr/bin/wget, /usr/bin/chmod and /usr/bin/dash, with the two wget processes sending 133 bytes each to 217.60.195.160:80)
Result

Malware family: n/a
Score: 8/10
Tags: adware persistence ransomware spyware

Behaviour:
Checks SCSI registry key(s)
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Enumerates physical storage devices
Enumerates connected drives
Boot or Logon Autostart Execution: Active Setup
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 8c51a2cf33720cd5afa5739816bd52b0dd2ce2a2f27601ea6b3672da0de5c98d (this sample)

Delivery method
Distributed via web download
