MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 15e18433ac32b1c07f3b99a486f6562047c0e33b33abc254ae2d5e31650a0c4a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 15e18433ac32b1c07f3b99a486f6562047c0e33b33abc254ae2d5e31650a0c4a
SHA3-384 hash: b2121a60d364c84226550da5d21dd65f67a5b59d40fadbffea83b6fc0c91d3f0cec4e074fb8277eb7715af450537173d
SHA1 hash: 891346a260a83c700805627505f2ec13e586a9f8
MD5 hash: 2d750175bee6dadd726a6d239c6a5e3a
humanhash: paris-magazine-fruit-sierra
File name:wert
Download: download sample
File size:799 bytes
First seen:2025-02-24 09:07:34 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:vAdmnfTe8cn8Jvuk9rXMySwrX3AW5evrXSjWrX/R5lSNnTQKFNLQp:IdiTe8JJvDcQnt5mi8PXlSOKP8p
TLSH T13E0179CD0320274188EC7CB7B1F282252686CBDCA1FF4BCBEE46263841856607561BDA
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://193.143.1.116/nabx86n/an/an/a
http://193.143.1.116/nabmipsn/an/an/a
http://193.143.1.116/nabmpsln/an/an/a
http://193.143.1.116/nabarmn/an/an/a
http://193.143.1.116/nabarm5n/an/an/a
http://193.143.1.116/nabarm6n/an/an/a
http://193.143.1.116/nabarm7n/an/an/a
http://193.143.1.116/nabppcn/an/an/a
http://193.143.1.116/nabm68kn/an/an/a
http://193.143.1.116/nabsh4n/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
24
Origin country :
Vendor Threat Intelligence
Verdict:
Malicious
Score:
99.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67bc4511a0fd713c335c97delinux22vpnfull_triage
Tags:
agent virus hype
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/67bc37063afc3763bec3744d/reports/e1d8be60-872a-482a-850a-ea89e2462d7b/overview
Verdict:
Malicious
Labled as:
HTML/ExpKit.Gen2
Link:
https://www.hybrid-analysis.com/sample/15e18433ac32b1c07f3b99a486f6562047c0e33b33abc254ae2d5e31650a0c4a
Result
Verdict:
UNKNOWN
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/15e18433ac32b1c07f3b99a486f6562047c0e33b33abc254ae2d5e31650a0c4a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/15e18433ac32b1c07f3b99a486f6562047c0e33b33abc254ae2d5e31650a0c4a/
Threat name:
Document-HTML.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-02-24 10:08:11 UTC
File Type:
Text (Shell)
AV detection:
12 of 24 (50.00%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=cxqyim5mgky4a7z3tgsin5swebd4byz3gov4evfofvpdczikbrfa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250224-l6bc1awns7/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/15e18433ac32b1c07f3b99a486f6562047c0e33b33abc254ae2d5e31650a0c4a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 15e18433ac32b1c07f3b99a486f6562047c0e33b33abc254ae2d5e31650a0c4a

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3436409/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3436394/

Comments