MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f461fc16dcb32f44eb7e0187b5c5223d54fceb581804408056f99bb86793ae8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: f461fc16dcb32f44eb7e0187b5c5223d54fceb581804408056f99bb86793ae8d
SHA3-384 hash: 43c35a71b30179cd235917477c28cfdfbaf3c4b54be68b88b39b9b7142948757d387ea61a14effeb750bc5fa67d36bb5
SHA1 hash: badbd7ff6f4adc199d4b0a897038d2c1d1ae9a1e
MD5 hash: b7ca55301396f76fb2d4b2a979e392f5
humanhash: lithium-london-sink-hawaii
File name: curl.sh
Download: download sample
File size: 977 bytes
First seen: 2025-06-21 17:37:19 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3Mcs6v1RcsEUcsBNIv1csyWAKSq5cs2HcslSJl2csvq3csmZ/x+CcsOcTcsmAX:qd6v1RdEUd21dyWAxq5d2HdlSX2dvq3A
TLSH: T1C511589805E0660E5F39CF1CF1AE83186D41C5E571B6BBA8AD3988339C9F1317068F1E
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
(one download URL per target architecture, all on the same host; only the URL column is populated for these rows)
http://103.149.252.178/main.armn/an/an/a
http://103.149.252.178/main.arm5n/an/an/a
http://103.149.252.178/main.arm6n/an/an/a
http://103.149.252.178/main.arm7n/an/an/a
http://103.149.252.178/main.m68kn/an/an/a
http://103.149.252.178/main.mipsn/an/an/a
http://103.149.252.178/main.mpsln/an/an/a
http://103.149.252.178/main.powerpcn/an/an/a
http://103.149.252.178/main.sh4n/an/an/a
http://103.149.252.178/main.x86n/an/an/a
http://103.149.252.178/main.x86_64n/an/an/a
http://103.149.252.178/main.x86_32n/an/an/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 77
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 96.5%
Tags: downloader mirai agent virus
Status: terminated
Behavior Graph (process tree reconstructed from the graph data):

/usr/bin/sudo (pid 3163)
  execve -> /tmp/sample.bin (pid 3172)
    The sample then ran the same three-step round twelve times, once per payload:
      execve -> /usr/bin/curl   (net send-data to 103.149.252.178:80)
      execve -> /usr/bin/chmod
      clone  -> /usr/bin/dash
    and finished with
      execve -> /usr/bin/rm     (delete-file, pid 5237)

curl invocations and bytes sent to 103.149.252.178:80 (the graph records outbound sends only):
  pid 3174: 87 B    pid 3284: 88 B    pid 3443: 88 B    pid 3626: 88 B
  pid 3845: 88 B    pid 4099: 88 B    pid 4323: 88 B    pid 4568: 91 B
  pid 4646: 87 B    pid 4828: 87 B    pid 4956: 90 B    pid 5136: 90 B
chmod pids: 3282, 3440, 3623, 3842, 4097, 4321, 4565, 4641, 4825, 4953, 5133, 5234
dash pids:  3283, 3441, 3624, 3844, 4098, 4322, 4567, 4644, 4827, 4955, 5135, 5236
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-06-21 17:45:08 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
(These three behaviour labels are Windows-specific signatures; SetWindowsHookEx and registry classes do not exist on Linux, so they cannot describe a POSIX shell script and should be read as sandbox noise rather than findings for this sample. The process graph above, not this list, is the behavioural evidence.)
Please note that we are no longer able to provide a coverage score for Virus Total.
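The IOC table and the behavior graph on this entry together describe one technique: a shell downloader that fetches a payload for every CPU architecture it might be running on, makes it executable, runs it, and deletes it. The following is an added example, not MalwareBazaar's code and not the sample itself (the script body is not shown on this page); it turns the two artefacts into checks a responder can run offline. Two labelled assumptions: the trailing `n/an/an/a` on every URL is treated as a constant suffix and the token between `main.` and that suffix as the target architecture; process events are modelled as small dicts carrying only the (pid, ppid, image, op, net) fields the graph shows, with the event list constructed from the pids and edges listed above. The `min_rounds` threshold is a tuning choice, not something the page states.

```python
"""Added example: IOC parsing and process-chain detection for the
multi-architecture downloader documented on this MalwareBazaar entry."""
import re
from collections import Counter
from urllib.parse import urlparse

# URLs copied verbatim from the IOC table on the entry.
IOC_URLS = [
    "http://103.149.252.178/main.armn/an/an/a",
    "http://103.149.252.178/main.arm5n/an/an/a",
    "http://103.149.252.178/main.arm6n/an/an/a",
    "http://103.149.252.178/main.arm7n/an/an/a",
    "http://103.149.252.178/main.m68kn/an/an/a",
    "http://103.149.252.178/main.mipsn/an/an/a",
    "http://103.149.252.178/main.mpsln/an/an/a",
    "http://103.149.252.178/main.powerpcn/an/an/a",
    "http://103.149.252.178/main.sh4n/an/an/a",
    "http://103.149.252.178/main.x86n/an/an/a",
    "http://103.149.252.178/main.x86_64n/an/an/a",
    "http://103.149.252.178/main.x86_32n/an/an/a",
]

# Assumption: the path is "/main.<arch>" followed by the fixed tail "n/an/an/a".
PAYLOAD_RE = re.compile(r"^/main\.([A-Za-z0-9_]+?)n/an/an/a$")


def parse_ioc(url):
    """Return (host, port, arch) for one payload URL, or None if it does not fit."""
    u = urlparse(url)
    m = PAYLOAD_RE.match(u.path)
    if u.scheme != "http" or not m:
        return None
    return (u.hostname, u.port or 80, m.group(1))


def summarize_iocs(urls):
    """Group payload URLs by distribution host and list the architectures served."""
    hosts, arches = Counter(), []
    for url in urls:
        parsed = parse_ioc(url)
        if parsed is None:
            continue
        host, port, arch = parsed
        hosts[f"{host}:{port}"] += 1
        arches.append(arch)
    return {"hosts": dict(hosts), "arches": arches}


# Pids copied from the behavior graph: twelve (curl, chmod, dash) rounds under
# /tmp/sample.bin (pid 3172), then a final rm (pid 5237).
CURL_PIDS = [3174, 3284, 3443, 3626, 3845, 4099, 4323, 4568, 4646, 4828, 4956, 5136]
CHMOD_PIDS = [3282, 3440, 3623, 3842, 4097, 4321, 4565, 4641, 4825, 4953, 5133, 5234]
DASH_PIDS = [3283, 3441, 3624, 3844, 4098, 4322, 4567, 4644, 4827, 4955, 5135, 5236]


def build_events():
    """Constructed event list mirroring the graph (not raw sandbox output)."""
    ev = [
        {"pid": 3163, "ppid": None, "image": "/usr/bin/sudo", "op": "execve", "net": None},
        {"pid": 3172, "ppid": 3163, "image": "/tmp/sample.bin", "op": "execve", "net": None},
    ]
    for c, m, d in zip(CURL_PIDS, CHMOD_PIDS, DASH_PIDS):
        ev.append({"pid": c, "ppid": 3172, "image": "/usr/bin/curl", "op": "execve", "net": "103.149.252.178:80"})
        ev.append({"pid": m, "ppid": 3172, "image": "/usr/bin/chmod", "op": "execve", "net": None})
        ev.append({"pid": d, "ppid": 3172, "image": "/usr/bin/dash", "op": "clone", "net": None})
    ev.append({"pid": 5237, "ppid": 3172, "image": "/usr/bin/rm", "op": "execve", "net": None})
    return ev


FETCHERS = {"/usr/bin/curl", "/usr/bin/wget"}
SHELLS = {"/usr/bin/dash", "/bin/sh", "/usr/bin/bash", "/bin/bash"}


def detect_multiarch_dropper(events, min_rounds=3):
    """Flag any parent that repeats fetch -> chmod -> shell at least min_rounds times.

    Legitimate installers rarely loop this exact triple; a Mirai-style dropper
    does it once per target architecture. One finding per suspicious parent.
    """
    by_parent = {}
    for ev in events:
        by_parent.setdefault(ev["ppid"], []).append(ev)
    findings = []
    for ppid, kids in by_parent.items():
        rounds, hosts, i = 0, set(), 0
        while i + 2 < len(kids):
            a, b, c = kids[i], kids[i + 1], kids[i + 2]
            if a["image"] in FETCHERS and a["net"] and b["image"] == "/usr/bin/chmod" and c["image"] in SHELLS:
                rounds += 1
                hosts.add(a["net"])
                i += 3
            else:
                i += 1
        if rounds >= min_rounds:
            findings.append({"parent_pid": ppid, "rounds": rounds, "hosts": sorted(hosts),
                             "self_delete": any(k["image"] == "/usr/bin/rm" for k in kids)})
    return findings


if __name__ == "__main__":
    print(summarize_iocs(IOC_URLS))
    print(detect_multiarch_dropper(build_events()))
```

The detector keys on the parent pid rather than on the script path because the graph shows the loop running from `/tmp/sample.bin`, a name the sandbox assigned; on a live host the same pattern appears under whatever filename the dropper was saved as. Matching `curl` only when it has a network edge avoids counting local `curl --help` style invocations, and the `self_delete` flag records the trailing `rm`, which is why the original script often is not on disk by the time a responder looks.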

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh f461fc16dcb32f44eb7e0187b5c5223d54fceb581804408056f99bb86793ae8d (this sample)
Delivery method: Distributed via web download

Comments