MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2a10ffe0367bb1b26ba2c3bc600892c21074725c0b8c9dc9161e6ceb33915460. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 2a10ffe0367bb1b26ba2c3bc600892c21074725c0b8c9dc9161e6ceb33915460
SHA3-384 hash: 2fc7e6803a1445e8364317a64d49c455872f4f2f8e47bc636fd3a26861536d8e33e8b16a3e7921560dc641246b6d9c0e
SHA1 hash: 2e763321936858b8a566eaadcaf5a7ce064bbad0
MD5 hash: 5fa825564b4ede126005a88ba9efbb54
humanhash: johnny-missouri-network-bluebird
File name: install.sh
File size: 463 bytes
First seen: 2026-04-07 23:12:52 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:JMxwKuMPazNpDmvOKu3WDHFUpOKu3W3RIZOKuzXIQOKuT:u2rEMWOr3WjkOr3W3RIZOrzDOrT
TLSH: T176F0DC841EBC96F603C6A824363011DC606E35BE3EC7370170C224EAB27B8009F67B36
Magika: shell
Reporter: johnk3r
Tags: 89-36-224-5 sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://89.36.224.5/mac/arm/driver/profiler | n/a | n/a | n/a
http://89.36.224.5/mac/intel/driver/profiler | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 48
Origin country: CH
Vendor Threat Intelligence
No detections
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: anti-vm base64 expand fingerprint lolbin
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=3716) -> execve -> /tmp/sample.bin (pid=3728) -> execve -> /usr/bin/mkdir (pid=3729)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
