MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d49bd95ea38846820cada4d0a30a7d12214eb3d729c8867bd65296751f048005. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: d49bd95ea38846820cada4d0a30a7d12214eb3d729c8867bd65296751f048005
SHA3-384 hash: e6849f69375a72401b0e7ca08c4cf1c414d7cd0b47106a3c74b3bb1ce2c14cd376b0a537d69292f335c32e8be9fd1f9f
SHA1 hash: 28e2916f6d0efbcafabf4d2234796e4a77984e30
MD5 hash: 88ab1a79ead3bf923df47b57d3a0269a
humanhash: coffee-beer-blossom-wolfram
File name: c.sh
File size: 823 bytes
First seen: 2025-04-21 20:02:16 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:3J3yX0jQyXiqQyXuNNIl5zAQyXGc0LKjQ+TmOsQ+PeCQ+YN/QySEQ7taKAQpjQVU:3J3bq1NI7DfKDK92cohMtBwmNHR
TLSH T10901528D3164AFD25E0F9D25F4AA849CA68582C07374AD8AF116A870DDD520134DCFBA
Magika txt
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 130
Origin country: DE

Vendor Threat Intelligence
Threat name: Linux.Downloader.SAgnt
Status: Malicious
First seen: 2025-04-21 20:03:08 UTC
File Type: Text (Makefile)
AV detection: 15 of 38 (39.47%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh d49bd95ea38846820cada4d0a30a7d12214eb3d729c8867bd65296751f048005

(this sample)

Delivery method: Distributed via web download
