MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b301513e27049ca2492975a4a2e14ae4ad2ee96e6b49b39c437f3a8aff30f912. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: b301513e27049ca2492975a4a2e14ae4ad2ee96e6b49b39c437f3a8aff30f912
SHA3-384 hash: da12f7bdc9bcb0c9e65570798a7c22844d47fa0bd028340e1e9d9d1947ac16098e8e29d28f4b73f97e2374187da80cd9
SHA1 hash: 48f025de20c5de9c1ec874cc3d07fd5254b9b515
MD5 hash: a51f3772142c0c92af845382f99a4630
humanhash: saturn-helium-arkansas-oscar
File name: c.sh
File size: 1'333 bytes
First seen: 2025-12-23 21:14:24 UTC
Last seen: 2025-12-24 11:08:54 UTC
File type: sh
MIME type: text/plain
ssdeep 24:3J3gfI8XIpDNIiIwtKKIIUs7gIs4IwXI6fIjZIm0r4I0OBn1VInMwTIJdIPR:ifI8XIp9IwtRInHIxIwXI6fIjZIm0r41
TLSH T10B2150BDCF5591761DDC8A3875098119E90DCDF0F8A8DEA0B51346B67F98300AD4CB6E
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-23T18:24:00Z UTC
Last seen: 2025-12-23T18:39:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2343) → execve → /tmp/sample.bin (pid 2347) → execve → /usr/bin/curl (pid 2349) → connects to 179.43.175.148:80

Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-12-23 21:15:23 UTC
File Type: Text (Shell)
AV detection: 14 of 36 (38.89%)
Threat level: 3/5
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh b301513e27049ca2492975a4a2e14ae4ad2ee96e6b49b39c437f3a8aff30f912 (this sample)

Delivery method: Distributed via web download
