MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f501c1e60333b10d8aa7543bb6fa9ae69439a71b6b12d8a0d4fbbdcd079cb3c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 1f501c1e60333b10d8aa7543bb6fa9ae69439a71b6b12d8a0d4fbbdcd079cb3c
SHA3-384 hash: 373559d354490d5de0c3694e201d37918b46b282544ba02a56e715f85f38b700c306e5d3a41c7f816e5354b182709d49
SHA1 hash: 7444f2e661b2936522291abfaaf2e3ae16a35f31
MD5 hash: 5c82f557738311c1299bd3f9e9c3fa2f
humanhash: double-nebraska-idaho-lithium
File name: m
File size: 554 bytes
First seen: 2026-03-02 03:09:47 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:MquhRnFxvhsQiMDfYd0lG5YYnfbBeYYHj6X:MfnnDh+CYdAG5Y0ofD6X
TLSH T163F0264000E33D92A3765D589454C94D21572753A293BF34A1F14BD51F7B0C0739F7C5
Magika shell
Reporter abuse_ch
Tags: sh
URL: http://ext-checkdin.vercel.app/api/tokenl
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: base64 bash lolbin obfuscated
Result
Gathering data
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 3188) -> execve -> /tmp/sample.bin (pid 3193)
/tmp/sample.bin (pid 3193) -> execve -> /usr/bin/mkdir (pid 3195)
/tmp/sample.bin (pid 3193) -> execve -> /usr/bin/clear (pid 3196)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 1f501c1e60333b10d8aa7543bb6fa9ae69439a71b6b12d8a0d4fbbdcd079cb3c (this sample)

Delivery method: Distributed via web download

Comments