MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 211b9a247ea5604328eb6453c45d6164d06ebf33ed06158234e2e915beb15ab5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 211b9a247ea5604328eb6453c45d6164d06ebf33ed06158234e2e915beb15ab5
SHA3-384 hash: cbc442cea87c42199e455b75d6f17de2570fae5cf59fb73866d5841601ffddf25a3fdbc2c7e5ccdf380459cbfb00d597
SHA1 hash: 8c5802311cb5fa51cfb4f18eecc4bb59d3884531
MD5 hash: f3a4e53cb81be22bf99e9c3552502ce2
humanhash: london-item-foxtrot-skylark
File name: 211b9a247ea5604328eb6453c45d6164d06ebf33ed06158234e2e915beb15ab5.sh
File size: 7'989 bytes
First seen: 2026-02-22 13:18:36 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 96:cLu7B65NGr+QC+wN909VM9tQIBvIB6IBDIB7I5Xp6fX6fi6f46fm6f9:cLul6jYRCv+cnQ4fcQQ
TLSH: T1C8F1E67025F18C732E24AA40F2372BA5ABB6E91745E7318C35CE2D265F97B41A0FF415
Magika: xml
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://95.214.27.141/av.sh | n/a | n/a | n/a
http://38.6.178.140/easy.sh | n/a | n/a | n/a
http://38.6.178.140/easy_cloud.sh | n/a | n/a | n/a
http://154.9.30.146/srb.sh | n/a | n/a | elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 6
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2519) -> execve -> /tmp/sample.bin (pid=2526)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

[Delivery diagram: Web download; sh 211b9a247ea5604328eb6453c45d6164d06ebf33ed06158234e2e915beb15ab5 (this sample); 007f065e58d07a799a21a2849a3907334abca1a31392e638d9343126079ca9b5]

Delivery method: Distributed via web download
Dropping: MD5 c488c5f8367ad4612d371973e8aed705
Dropping: SHA256 007f065e58d07a799a21a2849a3907334abca1a31392e638d9343126079ca9b5
