MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2505a245ffcbf7bbcb0d9d919fcc3ba76f13aa66993f7d9099e9bd56fd2657d1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6



SHA256 hash: 2505a245ffcbf7bbcb0d9d919fcc3ba76f13aa66993f7d9099e9bd56fd2657d1
SHA3-384 hash: 59dd7ad2635dfdf25c85e6accd52aaabbc529d8507d8ce534856b891ce749808f85c22a429a8262141dc2da3cc6ba0c0
SHA1 hash: 9b08c3ee65eb4cab6af88edad51625ab2e308495
MD5 hash: c6990928f20529a4b16c316ec35435e9
humanhash: salami-angel-xray-single
File name: abc3.sh
File size: 726 bytes
First seen: 2024-11-02 02:56:47 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:Eopp4KXp/NIl5Tpvc0LKIXp3DObpvpXpxIpbuSTpgQtNp47pTvOvbTpTTDjn:E2pb/NI7NvfKI53DQvp5xWbuOztbgTGZ
TLSH: T1F10104EEF1562C51CA04CF18F067097462C6DFCCA295AB7AB9D47D32B1E55107015F46
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 64
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 99.1%
Tags: trojan agent overt

Result
Verdict: MALICIOUS
Threat name: Win32.Trojan.Gafgyt
Status: Malicious
First seen: 2023-06-15 04:32:07 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
  Suspicious behavior: GetForegroundWindowSpam
  Suspicious use of SetWindowsHookEx
  Suspicious use of WriteProcessMemory
  Modifies registry class
  Enumerates physical storage devices
  System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 2505a245ffcbf7bbcb0d9d919fcc3ba76f13aa66993f7d9099e9bd56fd2657d1 (this sample)

Delivery method: Distributed via web download

Comments