MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1225a00cd892ae2141a53e1c448461e2461cc0a83fdc3d62ae0d0a96cef11217. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	1225a00cd892ae2141a53e1c448461e2461cc0a83fdc3d62ae0d0a96cef11217
SHA3-384 hash:	82d52bb12f4fd3d3101c998227ab5a98f6a663ce17416f65be75b234d2a914df141c48cbab419ec6d9f46070525d562d
SHA1 hash:	0dfc80aa4251812d3ecabc90e73a2b9be8cd9497
MD5 hash:	482b50d4306c49aee3c1060aa2535185
humanhash:	hot-maryland-missouri-angel
File name:	wget.sh
Download:	download sample
File size:	883 bytes
First seen:	2025-05-18 20:13:30 UTC
Last seen:	2025-05-19 19:45:29 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:7AXoE+75AKzE+XNI1AM4wA+86A6K4WH+aA/F+nAGC+5gArV+zF5AqF4+cSA/Xua6:EXTAxNIKRv6K4zNKFuFeqFS/ARWVYv
TLSH	T10E11A9E812119ACD081A9E083C998F928249A3C5B934BFCDE18404368DE470D709CFEF
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://160.191.244.17/bins/jew.arm	n/a	n/a	n/a
http://160.191.244.17/bins/jew.arm5	n/a	n/a	n/a
http://160.191.244.17/bins/jew.arm6	n/a	n/a	n/a
http://160.191.244.17/bins/jew.arm7	n/a	n/a	n/a
http://160.191.244.17/bins/jew.m68k	n/a	n/a	n/a
http://160.191.244.17/bins/jew.mips	n/a	n/a	n/a
http://160.191.244.17/bins/jew.mpsl	n/a	n/a	n/a
http://160.191.244.17/bins/jew.ppc	n/a	n/a	n/a
http://160.191.244.17/bins/jew.sh4	n/a	n/a	n/a
http://160.191.244.17/bins/jew.spc	n/a	n/a	n/a
http://160.191.244.17/bins/jew.x86	n/a	n/a	n/a

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL

Verdict:

Malicious

Score:

96.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=682a41c5e5aa44ec2e1aa409linux22vpnfull_triage

Tags:

trojan mirai agent virus

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/682a3f94c609634bd7c7d130/reports/c21efc70-bcf4-4640-87c7-4527d809e8ae/overview

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/1225a00cd892ae2141a53e1c448461e2461cc0a83fdc3d62ae0d0a96cef11217

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1225a00cd892ae2141a53e1c448461e2461cc0a83fdc3d62ae0d0a96cef11217/

Threat name:

Document-HTML.Downloader.Heuristic

Status:

Malicious

First seen:

2025-05-18 20:14:13 UTC

File Type:

Text (Shell)

AV detection:

15 of 24 (62.50%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=cis2adgyskxccqnfhyoejbdb4jdbzqfih7od2yvobufjntxrcilq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/250518-yz2ylacl9y/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/1225a00cd892ae2141a53e1c448461e2461cc0a83fdc3d62ae0d0a96cef11217

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 1225a00cd892ae2141a53e1c448461e2461cc0a83fdc3d62ae0d0a96cef11217

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3546682/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample