MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 de726f290844a24a254a712ffa42615e7c2db0de3a7fe15129b5a29abadc928f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: de726f290844a24a254a712ffa42615e7c2db0de3a7fe15129b5a29abadc928f
SHA3-384 hash: 10b7d9ad3ea0ffa52484f7eab9812cf000506b44f05b80407aa86886a71615ebd4d479aaa09243e6c775102b0fd8cae1
SHA1 hash: c02228d3fd8dc684bc82afb164c7b9d6f1d5759b
MD5 hash: 747d1f787302e50284a7386cf74e70ba
humanhash: foxtrot-queen-skylark-three
File name:fc
Download: download sample
File size:1'293 bytes
First seen:2025-05-17 22:04:25 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:wcKqv0m9Nn6soeFqSsoeFq6YeFq6YeFq6YeFqWveFq/e4:3PDn6aqSaqqqqqqqWcqz
TLSH T16621D3631B0C79F0BE8D991AB6638B9A5CDED08F3D430B11D43083D6BC945645D74B70
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://185.142.53.233/arm7b530d6edb5659f75331fac721a888aaae428a06d6b3f658b1b0c9d23c4b75ba0 Miraimirai ua-wget
http://185.142.53.233/mips63e5d4c2ac320aa49bfc1c23e1a253c00ec5e51b4b64f0fb304c34f4d0a6fa56 Gafgytddos elf gafgyt mirai
http://185.142.53.233/mpsl1f20bd51306a7cd754a0d6864311ca2a4fc8def258607ba35285216eb39e6891 Gafgytddos elf gafgyt mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.DownLoader.37.32080.2907.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
94.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6829479b375681df7c1a2e81linux22vpnfull_triage
Tags:
trojan agent virus
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6829081bc609634bd7c72491/reports/d027e95b-d084-46fc-bbf9-100f2ce4edf3/overview
Verdict:
Malicious
Labled as:
TrojanDownloader/Linux.Agent
Link:
https://www.hybrid-analysis.com/sample/de726f290844a24a254a712ffa42615e7c2db0de3a7fe15129b5a29abadc928f
Score:
86%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/de726f290844a24a254a712ffa42615e7c2db0de3a7fe15129b5a29abadc928f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/de726f290844a24a254a712ffa42615e7c2db0de3a7fe15129b5a29abadc928f/
Threat name:
Linux.Downloader.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-05-18 01:33:00 UTC
File Type:
Text (Shell)
AV detection:
6 of 24 (25.00%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=3zzg6kiiisreujkkoex7uqtblz6c3mg6hj76cujjwwrjvow4skhq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250518-c3m3yscm8t/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/de726f290844a24a254a712ffa42615e7c2db0de3a7fe15129b5a29abadc928f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh de726f290844a24a254a712ffa42615e7c2db0de3a7fe15129b5a29abadc928f

(this sample)

Mirai

elf fc4b814d40c1602ae693c8ddf483b659bbf0b63e301c11a9b4928fea74e01c56

  
URLhaus
https://urlhaus.abuse.ch/url/3491726/
  
Delivery method
Distributed via web download
  
Dropping
MD5 5b2877ea97c1c21f1904893bfd0f4572
  
Dropping
SHA256 fc4b814d40c1602ae693c8ddf483b659bbf0b63e301c11a9b4928fea74e01c56

Comments