MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e4f37e2c4faf9db8e2cbf0b5ad1b616166ba45a5113c4d80f64d3f4f11ead1e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	1e4f37e2c4faf9db8e2cbf0b5ad1b616166ba45a5113c4d80f64d3f4f11ead1e
SHA3-384 hash:	c47d7ae1c1ffbe502c49818dc3ce38826e129bb1f01257680f7d84ba07128314900e3dd3e6d181783f79b205db1b1aa7
SHA1 hash:	497b0a352b05769120c38ffbc021e7d9078a82c8
MD5 hash:	e1ec6210ad16578b244a9f4c3d160083
humanhash:	neptune-eleven-texas-bacon
File name:	geo
Download:	download sample
File size:	422 bytes
First seen:	2026-02-08 19:35:22 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:QvWXOp845iKb4IUKAMKxUeutIqNEAqXs9nIqABjbEAqXsrVFbEAqXs7:QvQ05pELMKa1IYEKIDFbEeFbE4
TLSH	T113E02BCE459344268E4CDD88BAD266102C5982D217F41D61FF589D3378DE44D3318AD5
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://130.12.180.126/crack	n/a	n/a	elf ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

39

Origin country :

DE

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Labled as:

TrojanDownloader/Linux.Shell

Link:

https://www.hybrid-analysis.com/sample/1e4f37e2c4faf9db8e2cbf0b5ad1b616166ba45a5113c4d80f64d3f4f11ead1e

Result

Gathering data

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/ac935d7a-a65a-4277-bae2-c6ecdea8a425

Score:

93%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/1e4f37e2c4faf9db8e2cbf0b5ad1b616166ba45a5113c4d80f64d3f4f11ead1e

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1e4f37e2c4faf9db8e2cbf0b5ad1b616166ba45a5113c4d80f64d3f4f11ead1e/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dzhtpywe7l45xdrmx4fvvunwcylgxjc2kej4jwapmtj7j4i6vupa._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/1e4f37e2c4faf9db8e2cbf0b5ad1b616166ba45a5113c4d80f64d3f4f11ead1e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 1e4f37e2c4faf9db8e2cbf0b5ad1b616166ba45a5113c4d80f64d3f4f11ead1e

(this sample)

elf 74973d963dd84473230a95e7bbff5c2d1042e2c22c705d5a140bc7a41d0e725f

elf 790cb9fdb87da32e78c5547b08cc62ae47783bdded54cb7206d9161f937ab819

URLhaus

https://urlhaus.abuse.ch/url/3774748/

Delivery method

Distributed via web download

Dropping

MD5 2a7cc34fc0ccad7a8d3985e84e46defa

Dropping

SHA256 790cb9fdb87da32e78c5547b08cc62ae47783bdded54cb7206d9161f937ab819

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample