MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bce106c776cbb7296726c3e1a16c516b29ea4b2d8507546d1fe9b4fda7421d8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: bce106c776cbb7296726c3e1a16c516b29ea4b2d8507546d1fe9b4fda7421d8d
SHA3-384 hash: bd4d48cf10582dbb8ffd5016793e84fcaa6941bbc2bf7aa0de8b01d71731c38793a8a03b1e5fd9160a373c4d06e03757
SHA1 hash: 36592d3c43ae63716c23db130d0bfe5e1f65c05e
MD5 hash: 846b7420005320484499174f49552461
humanhash: salami-mountain-california-skylark
File name: jg.sh
File size: 626 bytes
First seen: 2026-04-13 21:07:12 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SonH5fSvmnH5xQxpImnH5SFGNIMSF+5c0Z0mnH5qX7K6mmnHaa8G0mnHLkLBLWCH:x/jM1PNIORZ7UrKID7aKcBzJ7x
TLSH: T19FF0C9CA5570BEA68064CF18E1B60E94921981D5B1E2F7E899F6042F8EC8701F95CF97
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: text
First seen: 2026-04-13T18:13:00Z UTC
Last seen: 2026-04-13T18:38:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.gen
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Backdoor.Mirai
Status: Malicious
First seen: 2026-04-13 16:57:51 UTC
File Type: Text (Shell)
AV detection: 15 of 38 (39.47%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
