MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 04f5fcefc87a68013bf72af04c69f5dfc4944df9d2e990191ea06dcea0ae8ee2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 04f5fcefc87a68013bf72af04c69f5dfc4944df9d2e990191ea06dcea0ae8ee2
SHA3-384 hash: 39636902666a7988ee3bfdcdc84ab1132ec49f200ad356c5bd7299367151b8b49cec4010c59b851023c472ada51136ad
SHA1 hash: ae33ab6307af165a3eb1fe2db35b5956903c3f28
MD5 hash: 452939c3e11fc95c6e64b41762e66a98
humanhash: echo-bluebird-green-magazine
File name: tftp.sh
File size: 561 bytes
First seen: 2026-03-25 03:57:36 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 6:eJKbFbXNgzWzXazizXbmTaGaXd6agaX1LKiev:eJKbFbXNgzWzX4gX+aGaXdDVX1LKVv
TLSH T145F03C773BA02A324744D85AD301C9FA7E67E0A08A2388C1259506F7BD714C4ECE4ABD
Magika txt
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads :
1
# of downloads :
51
Origin country :
DE
Vendor Threat Intelligence
No detections
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
busybox
Status:
terminated
Behavior Graph:
Threat name:
Text.Browser.Generic
Status:
Suspicious
First seen:
2026-03-25 03:58:25 UTC
File Type:
Text (Shell)
AV detection:
1 of 36 (2.78%)
Threat level:
  4/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 04f5fcefc87a68013bf72af04c69f5dfc4944df9d2e990191ea06dcea0ae8ee2

(this sample)

  
Delivery method
Distributed via web download

Comments