MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 350f78ceec8ae8762b0b279437a983c07fd85f68d9d91f3476becf302c7b3ea5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown
Vendor detections: 4

SHA256 hash: 350f78ceec8ae8762b0b279437a983c07fd85f68d9d91f3476becf302c7b3ea5
SHA3-384 hash: eb8c06a5d69d46765f5806733ea21ac118f92529da6f442cf0f52473b0a9bc0bd588735f00a68c4a6ff4ed91642f72c8
SHA1 hash: bc1cd8b8b6109595fb56d31ae384dd370e2cbd46
MD5 hash: 39f2cdcae9a6b28454e7720eb0f58d79
humanhash: lactose-foxtrot-robin-xray
File name: ftpget.sh
File size: 554 bytes
First seen: 2026-02-17 06:09:20 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:biCdzB1dzBebPdza+dzaodgdzoAdzohdzoGdzoXhFPdzo4tdzoha0LK27:bzdzXdzMbPdzVdztdgdzVdzYdzPdzehI
TLSH: T140F0125676E26FF344A8EE8D621E66953227786C6C0C4A58E4DF601FAF74AC0BC10504
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 47
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox
Result
Status: terminated
Behavior Graph:
Process tree (pid, image, observed actions in brackets; the parenthesised word is how the parent created the child):
3402 /usr/bin/sudo
  3409 /tmp/sample.bin (execve)
    3411 /usr/bin/rm [delete-file] (execve)
    3413 /usr/bin/busybox [net, send-data, write-file] (execve)
    3474 /usr/bin/chmod (execve)
    3475 /usr/bin/dash (clone)
    3479 /usr/bin/busybox [net, send-data, write-file] (execve)
    3533 /usr/bin/chmod (execve)
    3534 /usr/bin/dash (clone)
    3538 /usr/bin/busybox [net, send-data, write-file] (execve)
    3723 /usr/bin/chmod (execve)
    3725 /usr/bin/dash (clone)
    3733 /usr/bin/busybox [net, send-data, write-file] (execve)
    3788 /usr/bin/chmod (execve)
    3791 /usr/bin/dash (clone)
    3798 /usr/bin/busybox [net, send-data, write-file] (execve)
    3861 /usr/bin/chmod (execve)
    3863 /usr/bin/dash (clone)

Network edges (pid -> remote endpoint):
3413 -> 113.30.152.240:21 (send: 78B); 3413 -> 113.30.152.240:39459 (con)
3479 -> 113.30.152.240:21 (send: 78B); 3479 -> 113.30.152.240:42253 (con)
3538 -> 113.30.152.240:21 (send: 78B); 3538 -> 113.30.152.240:39651 (con)
3733 -> 113.30.152.240:21 (send: 78B); 3733 -> 113.30.152.240:43931 (con)
3798 -> 113.30.152.240:21 (send: 78B); 3798 -> 113.30.152.240:37087 (con)
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 350f78ceec8ae8762b0b279437a983c07fd85f68d9d91f3476becf302c7b3ea5 (this sample)

Delivery method: Distributed via web download

Comments