MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8e5263851b1c747f12605cc88eb2475bf0c670bda7ecefbfd9ec8947316df67d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 8e5263851b1c747f12605cc88eb2475bf0c670bda7ecefbfd9ec8947316df67d
SHA3-384 hash: c424b0c07a22fc13a38c6df4fe7580f730ced9b0c18bb3a646ec5a3aeebf5af90581b6b3f316746e7589347b0548be66
SHA1 hash: 4d817ec27b78fdf4141d26ff013cdb398406f6d2
MD5 hash: 7c0c80a7be710cd9d70233d0e9f27ebb
humanhash: early-single-timing-connecticut
File name: abc2.sh
File size: 707 bytes
First seen: 2026-02-17 17:12:47 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:u1eLq/cj/iNIl5zA/P0LKj/uOs/iC/c//6cSE/otaKA/K/iA/KtfAn:lbmNI7dKS0R6cAtB//MhA
TLSH: T11501E1CF2BA1F1458E0CAE10F16A06597945E7C032B45F59ABD47872D8DDA10FCE8F4A
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 50
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai
Result
Gathering data
Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Threat name: Script-Shell.Worm.Mirai
Status: Malicious
First seen: 2026-02-17 16:44:29 UTC
File Type: Text (Shell)
AV detection: 11 of 36 (30.56%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 8e5263851b1c747f12605cc88eb2475bf0c670bda7ecefbfd9ec8947316df67d

(this sample)

  
Delivery method: Distributed via web download
