MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1bfe11abe577bb56a8b8d2bb98a9d244721d3da75660ae78ca5b0b941e4497bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 1bfe11abe577bb56a8b8d2bb98a9d244721d3da75660ae78ca5b0b941e4497bd
SHA3-384 hash: c5732f8ddc99e0e447ca383db3e92942d02d4765aaca954ec6b368be0f4684b6455b5192484f5469a2993c5dd7878f17
SHA1 hash: 1c1f7858fe248297a78a311c159e1361f4396c0a
MD5 hash: 6f1906756cf7c7440c74548b189a3259
humanhash: cardinal-thirteen-beryllium-low
File name: 1bfe11abe577bb56a8b8d2bb98a9d244721d3da75660ae78ca5b0b941e4497bd.sh
File size: 8'329 bytes
First seen: 2026-02-22 13:21:28 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:cnRu9RZnB6/a9lwnmtAlwn8qAlwni+JYlrEJ0/hE/x/alr+1JYlrMBsJYlriSJY+:cRuhB6BKlmlVkxafdYx36HISISVYidkv
TLSH: T17302827125F20C333A705984B2772BA6AB76D95385E3318C35DE2E366F86F02B5AF411
Magika: xml
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://45.77.132.13/jfowijfoiwejfoiwjefoijwefjio87.138.104.129 | n/a | n/a | n/a
http://222.186.52.155:21541/sh/AV.sh | n/a | n/a | bash
http://222.186.52.155:21541/sh/5053.sh | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2447) -> execve -> /tmp/sample.bin (pid=2453)
Threat name: Text.Trojan.Generic
Status: Suspicious
First seen: 2026-02-22 13:23:39 UTC
File Type: Text (HTML)
AV detection: 5 of 23 (21.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 1bfe11abe577bb56a8b8d2bb98a9d244721d3da75660ae78ca5b0b941e4497bd (this sample)
6f62167f649c5f698b409b90313d4774ae315604dc19a4279322ef2bfce84a83

Delivery method: Distributed via web download
Dropping: MD5 ced37376359e40861e83a118e4234423
Dropping: SHA256 6f62167f649c5f698b409b90313d4774ae315604dc19a4279322ef2bfce84a83

Comments