MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2359802bafeea6fb8d0ac8d50622249e6cb18aae8ab72d00893cf6ec9c0400f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a2359802bafeea6fb8d0ac8d50622249e6cb18aae8ab72d00893cf6ec9c0400f
SHA3-384 hash: c8658d3790021fefbaa377f81cf6be326918c8fa536e5f55bb953705d0a27d8cc7867ecbe1b17b312866204f4fc0c7f1
SHA1 hash: b6204141f1b556820a74f2b871562c0aae31a02b
MD5 hash: b4225ad2c8811a7c749b62da0408fa08
humanhash: social-bacon-low-london
File name:and
Download: download sample
File size:3'484 bytes
First seen:2025-04-09 19:53:25 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 48:N06f871APwpxPqamIuX41a7KvKxAJ7KhOy7CSBHLJ:41APyvmz447aYJ
TLSH T1417106CB1363B51D098FC49075D986193524BBC7B0852788DCA812B25387ADDB9EDFEC
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.28.32.251/an/an/amirai moobot sh ua-wget
http://103.28.32.251/most-armca2d87db6526d58c00a5b4d5d6cfd569f5d2f7c1cc1a2c76d5990577b9a7b9fb Miraielf mirai moobot ua-wget
http://103.28.32.251/most-arm5457ac3463c32393c1ca5b86684c1aaa30f883746ca5e42cd5b41d5b0d85fb94e Miraielf mirai moobot ua-wget
http://103.28.32.251/most-arm60c499a0a944b9d28b259e55f4c5c3e5d6eaaeb6105f9b2c7f94b6c44fb93b319 Miraielf mirai moobot ua-wget
http://103.28.32.251/most-arm73698882933571d7fd599291ad8778f5ecfd8015c0cecccbbb2484af69ed5e5f4 Miraielf mirai moobot ua-wget
http://103.28.32.251/most-m68k38027e621a2b5608d47465a785658004d1274354e82a25e735e6bf34d0cabd09 Miraielf mirai moobot ua-wget
http://103.28.32.251/most-mips448d05b73582cdf2e1cd8ca002a9f117b8aa8dee7a839a7643abe77a802f85ad Miraielf mirai moobot ua-wget
http://103.28.32.251/most-mpsle046eae1f9862254c2126c741696f6f3a7ccb1682382e6a4ec43a0b07cd594f3 Miraielf mirai moobot ua-wget
http://103.28.32.251/most-ppcn/an/an/a
http://103.28.32.251/most-sh445c3040bb3b4d691f36366bce288bc953d13d2174d7ad33e5521d0c6e6695e76 Miraielf mirai moobot ua-wget
http://103.28.32.251/most-spcn/an/an/a
http://103.28.32.251/most-x8629206f3b73af721c3c74bcbe47763b2177643697a375f6dc5f672eca1054d57a Miraielf mirai moobot ua-wget
http://103.28.32.251/most-x86_6437655e6676ef77fe577eb4ad5ff1562290bec739bef988fc6aeb36f9802a6700 Miraielf mirai moobot ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
81
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67f76c17f9ba909217ce97f0linux22vpnfull_triage
Tags:
mirai virus
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
busybox
Link:
https://www.filescan.io/uploads/67f6d0602d430c849e0fe73e/reports/4ddc7ddf-14d6-49ff-98bb-237dc47ca620/overview
Verdict:
Malicious
Labled as:
Bash.MiraiA.Generic
Link:
https://www.hybrid-analysis.com/sample/a2359802bafeea6fb8d0ac8d50622249e6cb18aae8ab72d00893cf6ec9c0400f
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/a2359802bafeea6fb8d0ac8d50622249e6cb18aae8ab72d00893cf6ec9c0400f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a2359802bafeea6fb8d0ac8d50622249e6cb18aae8ab72d00893cf6ec9c0400f/
Threat name:
Script-Shell.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-04-09 03:44:21 UTC
File Type:
Text (Shell)
AV detection:
10 of 38 (26.32%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ui2zqav273vg7ogqvsgvayrcjhtmwgfk5cvxfuaisphw5soaiahq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a2359802bafeea6fb8d0ac8d50622249e6cb18aae8ab72d00893cf6ec9c0400f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh a2359802bafeea6fb8d0ac8d50622249e6cb18aae8ab72d00893cf6ec9c0400f

(this sample)

sh b4caa833ce0e083ccd9093fb1c8c926ffe5a616e6904802813225a7ee9ca46d7

  
URLhaus
https://urlhaus.abuse.ch/url/3505725/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3505749/
  
Dropping
MD5 7832295112a9f7e478aa986760934601
  
Dropping
SHA256 b4caa833ce0e083ccd9093fb1c8c926ffe5a616e6904802813225a7ee9ca46d7

Comments