MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d89d2fc58cdc7a75ea257c0e2c5d3338d41f550d7a991458d7d2ad9fef829876. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	d89d2fc58cdc7a75ea257c0e2c5d3338d41f550d7a991458d7d2ad9fef829876
SHA3-384 hash:	71b39029780ba6cbdba126beb3cdffe4ea4771fb2945c999c85085df1c0a0b011e6a84fb58085b916fb23ad4f1d546a8
SHA1 hash:	90b545851551afac7924debe9e1f4fc007c83734
MD5 hash:	f01b47db8eb6ef7d4062864b62539ac5
humanhash:	virginia-sink-eighteen-purple
File name:	a
Download:	download sample
File size:	909 bytes
First seen:	2025-04-01 13:46:47 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:A5C9hNQfFg4hIPhmaf5hbyLmK+J3vySA2o+It+74/4MEv6xZRsp4cl/lUZ9EY:A5Wb0g4hIPhmaBhbyjWKSC+DyfcdUMY
TLSH	T1051190061901592541BAD05D07CB500DF682849F7A546F10B3FF395A2B75D86F2E82AE
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

File Origin

# of uploads :

1

# of downloads :

56

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67ebf154cfd0a37f830b7f5clinux22vpnfull_triage

Tags:

mirai

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

busybox

Link:

https://www.filescan.io/uploads/67ebee66f274bf2d8e2c6c83/reports/304f959d-da5e-4d61-af3f-09392ca50a20/overview

Score:

4%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/d89d2fc58cdc7a75ea257c0e2c5d3338d41f550d7a991458d7d2ad9fef829876

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d89d2fc58cdc7a75ea257c0e2c5d3338d41f550d7a991458d7d2ad9fef829876/

Threat name:

Script.Trojan.Multiverze

Status:

Malicious

First seen:

2025-04-01 13:47:17 UTC

File Type:

Text (Shell)

AV detection:

11 of 24 (45.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3cos7rmm3r5hl2rfpqhcyxjthdkb6vinpkmriwgx2kwz734ctb3a._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/250401-q3lf1sskt5/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/d89d2fc58cdc7a75ea257c0e2c5d3338d41f550d7a991458d7d2ad9fef829876

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 52c67e8242c7e08c69cf616ea517ecd2a37b7a0ffce408744560ba91371a286f

sh d89d2fc58cdc7a75ea257c0e2c5d3338d41f550d7a991458d7d2ad9fef829876

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3498141/

Delivery method

Distributed via web download

Dropped by

SHA256 52c67e8242c7e08c69cf616ea517ecd2a37b7a0ffce408744560ba91371a286f

Dropped by

MD5 a0a6e601c989e1afc082f70fb4a77629

URLhaus

https://urlhaus.abuse.ch/url/3498138/

URLhaus

https://urlhaus.abuse.ch/url/2824952/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample