MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b010baf97cd5c6eaf9151edb39cd68ce589f8da77c85fcc08412bd278962f69b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: b010baf97cd5c6eaf9151edb39cd68ce589f8da77c85fcc08412bd278962f69b
SHA3-384 hash: 18c53a5955af696b68b844677f20b6e2fd694a01cb5df866418b2aa7beba3cba78a5deb93f9741fb68d41e66f9051704
SHA1 hash: 54f333902a7781bcd9e4b70f5874f59cbb007330
MD5 hash: 5004ca0c607c6a6b1d82dc4c82423085
humanhash: iowa-lithium-cola-mike
File name: w2.sh
File size: 640 bytes
First seen: 2026-04-13 21:07:05 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SonH5fS87hnH5xQxpEWZnH5SFGNIMSF+5cinH5qX7K6h7hnHaa84nHLkLBLlnHhc:xD7xjM6WJPNIO5UrKsxJaBBD78n
TLSH: T14CF0C9CA55707EA68024CF14E1760DD0530981DAB0E2F7E9A9F6042F8E98721F91CF97
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 39
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
File Type: text
First seen: 2026-04-13T18:13:00Z UTC
Last seen: 2026-04-13T18:38:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.cl

Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent

Threat name: Document-HTML.Backdoor.Mirai
Status: Malicious
First seen: 2026-04-13 21:07:35 UTC
File Type: Text (Shell)
AV detection: 13 of 38 (34.21%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh b010baf97cd5c6eaf9151edb39cd68ce589f8da77c85fcc08412bd278962f69b (this sample)
Delivery method: Distributed via web download
