MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 edac6c174858a6c640ca16099e7a7f0514a041777526fe7e9c67d877cbc7f73c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: edac6c174858a6c640ca16099e7a7f0514a041777526fe7e9c67d877cbc7f73c
SHA3-384 hash: 85ba9fed6c7bed203f0cc920eba74ef4d7ab64e4d6995fdae1b717e5dcad250bbc3d9a6f5e1853b787b31c4e218a04cf
SHA1 hash: a9c3442465e4656c569416d015ebb3e3f42e86e1
MD5 hash: 27ce3b5d511752f16100ac6ece3d7256
humanhash: florida-asparagus-fruit-moon
File name: edac6c174858a6c640ca16099e7a7f0514a041777526fe7e9c67d877cbc7f73c.sh
File size: 19'223 bytes
First seen: 2026-02-22 13:19:27 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 96:cCuRk0B6csht+O+v1fsn+h4+tIiKqCTyOysuKNpUj4waYvjzzNGyUfosIbIbQuTh:cCueg6p4hvZ5m5FoKNpiv3tz0EfM
TLSH T16D825B7621F04A336BA055C4B3771BA15FB29617456320A8B4FE1F365F5AB03B0EBA21
Magika xml
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 15
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=3183) -> execve -> /tmp/sample.bin (pid=3184)
Threat name: Text.Trojan.Generic
Status: Suspicious
First seen: 2026-02-22 13:22:34 UTC
File Type: Text (HTML)
AV detection: 2 of 24 (8.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh edac6c174858a6c640ca16099e7a7f0514a041777526fe7e9c67d877cbc7f73c

(this sample)

  
Delivery method: Distributed via web download
