MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d2b498ab4b99de8370e2a39ce2c84515038606546a0bdc1638c7cc6a007ae09. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	9d2b498ab4b99de8370e2a39ce2c84515038606546a0bdc1638c7cc6a007ae09
SHA3-384 hash:	fc3b07a535edb82cbe4fc4ca270128dcbb21edd6b6ff21b5ff011adb2763df5aecd4005e913e3102eda8755e9bd6d35c
SHA1 hash:	64662a6e956bf77a5fc12e8154d7f5cf785961c9
MD5 hash:	120d7429c93d340c03932809da00447c
humanhash:	august-butter-winter-golf
File name:	giga.sh
Download:	download sample
File size:	232 bytes
First seen:	2025-05-14 08:12:20 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	3:LMFeMEd9EVaJIca8BzSaLcaxaBCDELIM8cIFJhSmRDMFeMEd97KCIca8BzSaLca/:LMFFEjGkNYC/PamRDMFFEDKLkNYCzXkG
TLSH	T1DFD0C9EED9752430C041FD5CAF63DE586016D5D323573F88558C0DA68B98BD0E4515C8
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://103.188.82.240/mips	2d028a56a4e8ca330d2b5d39039a61ab3074f811ebc39e585d62decc81facc3d	Mirai	elf gafgyt geofenced mirai ua-wget USA
http://103.188.82.240/arm7	n/a	n/a	elf geofenced mirai ua-wget USA

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68245197e16384d6a70446edlinux22vpnfull_triage

Tags:

agent hype sage

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6824509a0e6398962583ba3e/reports/0bee73b2-c79c-4c55-af8d-fd915048b90b/overview

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/9d2b498ab4b99de8370e2a39ce2c84515038606546a0bdc1638c7cc6a007ae09

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9d2b498ab4b99de8370e2a39ce2c84515038606546a0bdc1638c7cc6a007ae09/

Threat name:

Text.Browser.Generic

Status:

Suspicious

First seen:

2025-05-14 08:13:16 UTC

File Type:

Text (Shell)

AV detection:

2 of 37 (5.41%)

Threat level:

4/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tuvutcvuxgo6qnyofi444leekfidqydfi2ql3qldrr6mniahvyeq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250514-j4hm7afj7z/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9d2b498ab4b99de8370e2a39ce2c84515038606546a0bdc1638c7cc6a007ae09

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 9d2b498ab4b99de8370e2a39ce2c84515038606546a0bdc1638c7cc6a007ae09

(this sample)

Mirai

elf 019dddb50e30d8cb3c6bb2bad01bc344152df54207c70c5d6c05b9f8ad4c8d49

URLhaus

https://urlhaus.abuse.ch/url/3537803/

Delivery method

Distributed via web download

Dropping

MD5 83df9df5c64f1de8b9074f5efdbcc97e

Dropping

SHA256 019dddb50e30d8cb3c6bb2bad01bc344152df54207c70c5d6c05b9f8ad4c8d49

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample