MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cf1d5a734c1a89018c86462d3a2202fbaf4c5b831dcd11222671dccfbb87602. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 0cf1d5a734c1a89018c86462d3a2202fbaf4c5b831dcd11222671dccfbb87602
SHA3-384 hash: a34e0c98e9ac64f9413d68324455e896e472f6d252fdbaaf2a54b472fcd745efdf0646a670bded40bce9a54ac1ebea90
SHA1 hash: 78f06d30c89294bcdc71e760dd3979d2ec3b6117
MD5 hash: 1711d855370d0dda74e4c0121452e4ea
humanhash: fanta-oscar-butter-oklahoma
File name: 0cf1d5a734c1a89018c86462d3a2202fbaf4c5b831dcd11222671dccfbb87602.sh
File size: 20'936 bytes
First seen: 2026-02-22 13:19:35 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 192:cCuDg6p4hvZ5m5FG4j4HKNpiv7YSdAiyfEsUzUGf:Mbp4hvZ5m5FGGoKNpiv7YSdAm
TLSH: T1BA92917620F08A335A9055C4B3772BA15F72965745A320A8B4FE2F359F59B03B0FFA21
Magika: xml
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 8
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive mirai soft-404
Result: Gathering data
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2760) execve -> /tmp/sample.bin (pid 2767)

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh 0cf1d5a734c1a89018c86462d3a2202fbaf4c5b831dcd11222671dccfbb87602 (this sample)
Drops: 1fdfc6e3ae612b736236df4579ff7a10954d47d9e7be67e6ebe8da173b0671c8

Delivery method: Distributed via web download
Dropping: MD5 bc422233b2512d7d5eb5500daf8a7822
Dropping: SHA256 1fdfc6e3ae612b736236df4579ff7a10954d47d9e7be67e6ebe8da173b0671c8

Comments