MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1a62f6ae3a54ae13e206c8b0b9a333bbefdaa1462de784fb233077c4f0bde12f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 1a62f6ae3a54ae13e206c8b0b9a333bbefdaa1462de784fb233077c4f0bde12f
SHA3-384 hash: 41fc59f1336cfb889fa2681310793ceae33c58cb02b4b9254fed153e9edb5b06505f1429a51e0bb05572f4b09718e937
SHA1 hash: 479ee424ea2d050839e4028f9de6b5bd5f22c5a1
MD5 hash: fc0fa8cf054f8dc4d8025a1d25c5d75e
humanhash: whiskey-autumn-island-cat
File name: c.sh
File size: 83 bytes
First seen: 2026-05-23 07:59:48 UTC
Last seen: 2026-05-24 00:38:49 UTC
File type: sh
MIME type: text/plain
ssdeep: 3:AjOh5gXVRL/L8ApHKJGNIaoLKJ4Kv:VSP/np0ax4KJp
TLSH: T1FFA0126802F51902150CC81121D000291214E0C034D0C133D0187A5120825093841549
Magika: shell
Reporter: abuse_ch
Tags: sh
URL: http://85.204.125.76/attack_bot
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: elf ua-wget

Intelligence


File Origin
# of uploads: 3
# of downloads: 51
Origin country: DE
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph:
pid=3163 /usr/bin/sudo -> execve -> pid=3166 /tmp/sample.bin
pid=3166 /tmp/sample.bin -> execve -> pid=3167 /usr/bin/curl (net, send-data, write-file)
pid=3166 /tmp/sample.bin -> execve -> pid=3194 /usr/bin/chmod
pid=3166 /tmp/sample.bin -> execve -> pid=3195 /home/sandbox/bot (net)
pid=3167 /usr/bin/curl -> 85.204.125.76:80 (send: 87B)
pid=3195 /home/sandbox/bot -> 85.204.125.76:12345 (con)
Threat name: Script.Trojan.SAgnt
Status: Malicious
First seen: 2026-05-23 08:00:51 UTC
File Type: Text (Shell)
AV detection: 1 of 23 (4.35%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 1a62f6ae3a54ae13e206c8b0b9a333bbefdaa1462de784fb233077c4f0bde12f (this sample)

Delivery method: Distributed via web download
