MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 453096b73372f1a001c7e2f93b00fa095c8e0c5534f4ace6ede0bda4196fe69f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 453096b73372f1a001c7e2f93b00fa095c8e0c5534f4ace6ede0bda4196fe69f
SHA3-384 hash: f66fa64abc3c41a15e8e3c89a1dd780c6947155bc45d5cd8479d0c9f7d9163e613355969b9d9cb6f7ab6956aece4d5cc
SHA1 hash: 0018e573fc9c689e717c38963af1bbf869fe1e76
MD5 hash: f8b94ba51d375426f4b52eb6e84d41e0
humanhash: fillet-beryllium-alabama-bulldog
File name:20260529-054035_sftp__tmp_bendi_py
Download: download sample
File size:32'768 bytes
First seen:2026-05-29 12:03:43 UTC
Last seen:Never
File type:
MIME type:text/x-script.python
ssdeep 384:HGkGO/0fbxyAXtAn/q8jU3R1Ohb8IXQME5eTGZN9tqeyjtdV80zyulLP4HXAmHri:HcbOC8jm+8IgMMv0dVdyHbLw7vrrRPh
TLSH T1B8E208018C191EF1D38BC26D7F89D45562262A1B16157838FFECD6902F8CB3542F9ABE
Magika python
Reporter hett
Tags:honeypot linux proxyware py Python shardlure traffmonetizer


Avatar
hett
Captured by ShardLure honeypot. Suspected family: Traffmonetizer. File kind: Python (no shebang). Captured: 2026-05-29.

Intelligence

File Origin
# of uploads :
1
# of downloads :
17
Origin country :
US US
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a199392c73fda38a80aad9b
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
bash fingerprint lolbin
Link:
https://www.filescan.io/uploads/6a19938e099ef368af0cc0b1/reports/c06816e6-4981-4397-af7b-79a2087ffe5b/overview
Verdict:
Suspicious
Labled as:
Python/Agent.BQD trojan
Link:
https://www.hybrid-analysis.com/sample/453096b73372f1a001c7e2f93b00fa095c8e0c5534f4ace6ede0bda4196fe69f
Verdict:
Unknown
File Type:
ps1
Link:
https://opentip.kaspersky.com/453096b73372f1a001c7e2f93b00fa095c8e0c5534f4ace6ede0bda4196fe69f/results?tab=lookup
Score:
75%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/453096b73372f1a001c7e2f93b00fa095c8e0c5534f4ace6ede0bda4196fe69f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/453096b73372f1a001c7e2f93b00fa095c8e0c5534f4ace6ede0bda4196fe69f/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=iuyjnnztoly2aaoh4l4twah2bfoi4dcvgt2kzzxn4c62iglp42pq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260529-qnmerscv5s/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/453096b73372f1a001c7e2f93b00fa095c8e0c5534f4ace6ede0bda4196fe69f

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:telebot_framework
Create hunting rule
Author:vietdx.mb
Rule name:telegram_bot_api
Create hunting rule
Author:rectifyq
Description:Detects file containing Telegram Bot API

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Link
cowrie-download:20260529-054035_sftp__tmp_bendi_py
  
Delivery method
Other

Comments