MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 411f61a18b783ea8f33da8c2c30c7ae575e6e8c157ef2c9d103096904ae22349. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 5
| SHA256 hash: | 411f61a18b783ea8f33da8c2c30c7ae575e6e8c157ef2c9d103096904ae22349 |
|---|---|
| SHA3-384 hash: | 19fcefd7d40b85c645f1cc696d21206ca8f1b928ec212d2d8f195ac2f9cf576f603f8ffbbdb102cfa1372c0a07f36f43 |
| SHA1 hash: | 7abd94ee23e01e4e4d9c4e01952423295720adfd |
| MD5 hash: | 91e0fbb0e571e290ce0487ea6521b154 |
| humanhash: | xray-white-princess-two |
| File name: | curl.sh |
| Download: | download sample |
| File size: | 957 bytes |
| First seen: | 2025-06-22 11:53:16 UTC |
| Last seen: | 2025-06-23 00:30:59 UTC |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 24:3J3h6I06I16IRGNINQ6InK46Ie6Iz6IGf6I3G6Iai6II6I6f:Lp0p1pQpnbpepzpGfp3GpaipIp6f |
| TLSH | T19411EBED8059740767359C30B03D6A49E486C6E036A4D681F0EED4F7E1A923B43B5B9A |
| Magika | txt |
| Reporter |  abuse_ch |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://api.trumdvfb.com/skibidi/cutearm | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutearm5 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutearm6 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutearm7 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutem68k | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutemips | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutempsl | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutepowerpc | n/a | n/a | botnetdomain elf ua-wget |
| http://api.trumdvfb.com/skibidi/cutesh4 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutex86 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutex86_64 | n/a | n/a | n/a |
Intelligence
File Origin
# of uploads :
2
# of downloads :
60
Origin country :
DEVendor Threat Intelligence
Detection(s):
Verdict:
Clean
Score:
84.2%
Link:
Tags:
n/a
Verdict:
Unknown
Threat level:
2.5/10
Confidence:
100%
Tags:
lolbin mirai remote
Status:
terminated
Behavior Graph:
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Threat name:
Document-HTML.Downloader.Heuristic
Status:
Malicious
First seen:
2025-06-22 11:54:23 UTC
File Type:
Text (Shell)
AV detection:
9 of 38 (23.68%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 411f61a18b783ea8f33da8c2c30c7ae575e6e8c157ef2c9d103096904ae22349
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.