MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a23893ec11dca1f3dc36c0b8afa2f4890080a176a136d4dc6bb93eb1288624c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a23893ec11dca1f3dc36c0b8afa2f4890080a176a136d4dc6bb93eb1288624c4
SHA3-384 hash: 8d0cab2341c35651ef6bdc3f268bd443570fc339d96bdfda0f48e7cfcf4e54b2f1163aed31d6c8a21c5680736125e90c
SHA1 hash: fb8b53cd01a314b32858f91950eb07b37a902e86
MD5 hash: 9e58bb33f250dcbc4605bffae120febb
humanhash: lion-twelve-six-beer
File name:wget.sh
Download: download sample
File size:485 bytes
First seen:2025-02-21 03:02:13 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 6:hPjooZX4WmI+ga1NFoZX4aM3GjoZX4tiB8BoXoZX4wVxZboXoZX41LIT54tNFoZM:J8Mth8XMv2GjM6OMLSXM2SiXM+fGc
TLSH T1AAF030C4A2B10EEBC8A99D45F7528C668496A3CCA4CBCBED7C5A532A0C25500FC94EC2
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://94.156.227.74/arm5n/an/aelf mirai ua-wget
http://94.156.227.74/arm6n/an/aelf mirai ua-wget
http://94.156.227.74/arm7n/an/aelf mirai ua-wget
http://94.156.227.74/mipsn/an/a32-bit elf mirai
http://94.156.227.74/mpsln/an/aelf mirai ua-wget
http://94.156.227.74/x86n/an/a32-bit elf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
89
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
96.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67b7eda3a0fd713c335c21aalinux22vpnfull_triage
Tags:
agent virus hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive
Link:
https://www.filescan.io/uploads/67b7ecf35b81efb9a6962bf1/reports/5059607c-16ed-4368-bc0f-2dbb42023295/overview
Result
Verdict:
UNKNOWN
Score:
49%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/a23893ec11dca1f3dc36c0b8afa2f4890080a176a136d4dc6bb93eb1288624c4
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a23893ec11dca1f3dc36c0b8afa2f4890080a176a136d4dc6bb93eb1288624c4/
Threat name:
Script.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-02-21 03:03:10 UTC
File Type:
Text (Shell)
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ui4jh3ar3sq7hxbwyc4k7ixureaibilwue3njxdlxe7lckegetca._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery linux
Link:
https://tria.ge/reports/250221-dj4r2a1may/
Behaviour
System Network Configuration Discovery
Writes file to tmp directory
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/a23893ec11dca1f3dc36c0b8afa2f4890080a176a136d4dc6bb93eb1288624c4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh a23893ec11dca1f3dc36c0b8afa2f4890080a176a136d4dc6bb93eb1288624c4

(this sample)

elf 6a5e641459bf9a13edda730e95d6234fae07f1b0e691375fe4e9dd238e13d01e

  
URLhaus
https://urlhaus.abuse.ch/url/3438729/
  
Delivery method
Distributed via web download
  
Dropping
MD5 44ea43dd3e1abcf6293714f786710cc7
  
Dropping
SHA256 6a5e641459bf9a13edda730e95d6234fae07f1b0e691375fe4e9dd238e13d01e

Comments