MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b501d1f5c5cbe7405d93686eeef38095bf303b1c86b842653f030d9ddf83a077. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: b501d1f5c5cbe7405d93686eeef38095bf303b1c86b842653f030d9ddf83a077
SHA3-384 hash: ff39fd917314f82fa353acedcad77e0af946aacb1c8b80b6b842c316ec2d2ea25453b050b2a3cc937d00e60fb1a372ea
SHA1 hash: 6f6acf21cb8a54c43a5bd71057f933bc18e754e3
MD5 hash: ee3e8852082f82526175e3e3b5eced2f
humanhash: echo-saturn-pluto-coffee
File name: mips.sh
File size: 258 bytes
First seen: 2026-04-05 07:17:50 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:cwKj969jX+QjlrFH7jXX7U9jX+QbrZ3djX1WNFIQyxn:5K09jXRFH7jXrU9jXHZ3djXENy
TLSH: T153D012C405602DF525AF896123E542CAF6099190E3D54FCAD3C469613228DA0BDE4A81
Magika: shell
Reporter: abuse_ch
Tags: sh

URL: http://64.89.163.118/florida
Malware sample (SHA256 hash): 4bafd0db45b44a978092247b4178e3775ae19153f7c6d981fb7780d9b0d8e82a
Signature: Mirai
Tags: elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive

Verdict: Malicious
File Type: text
First seen: 2026-03-27T16:11:00Z UTC
Last seen: 2026-04-05T06:48:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph:
  /usr/bin/sudo (pid 2002) -execve-> /tmp/sample.bin (pid 2007)
  /tmp/sample.bin (pid 2007) -clone-> /usr/bin/dash (pid 2008)
  /tmp/sample.bin (pid 2007) -execve-> /usr/bin/chmod (pid 2027)
  /tmp/sample.bin (pid 2007) -clone-> /usr/bin/dash (pid 2029)
  /tmp/sample.bin (pid 2007) -execve-> /usr/bin/rm (pid 2031) [delete-file, zombie]
  /usr/bin/dash (pid 2008) -execve-> /usr/bin/busybox (pid 2009) [net, send-data, write-file]
  /usr/bin/busybox (pid 2009) -send: 83B-> 64.89.163.118:80

Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh b501d1f5c5cbe7405d93686eeef38095bf303b1c86b842653f030d9ddf83a077 (this sample)

Delivery method: Distributed via web download

Comments