MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4555f384e6cd3fd59059d91f0a60f2bb0bf3ea890bf23aa06d8d9c852809a383. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4555f384e6cd3fd59059d91f0a60f2bb0bf3ea890bf23aa06d8d9c852809a383
SHA3-384 hash: 171a096fcae0e7825864bff012f015add3f2d4224b6ac8cdf613dc6edc1b46354b77ad6107122816d944be0c1d17f82e
SHA1 hash: d5ee53fe941df056adf1f4cc9e3f24e3bb4eec0d
MD5 hash: 9e00c8d0bb07b1db2b2a0de95b294bce
humanhash: oranges-connecticut-wisconsin-wisconsin
File name:all.sh
Download: download sample
File size:762 bytes
First seen:2025-12-26 19:57:04 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 12:YkF1kcClZF70SuZHFAZHFlZHFW9FS1C+FM5gFDL9FSfC+FMDgFDPA1LRPb:ZDkH/FbuZHFAZHFlZHFW9FUFM5gF39FB
TLSH T1AB01B5C821B5307079A6D8FA4E320D2C30C690653DC62CB93977F8DE6B99D00F4668AD
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://92.119.164.209/huhu/titanjr.n/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
22
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
busybox
Link:
https://www.filescan.io/uploads/694ee8b23f8fdbf8e952e861/reports/4b46538c-461f-49c8-8fad-63046504ef16/overview
Result
Gathering data
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/3951c69e-a3cf-4c59-aaf5-884def43dea7
Behavior Graph:
Download SVG
%3 guuid=f589b3ae-1900-0000-2b04-752e42090000 pid=2370 /usr/bin/sudo guuid=a1ffeeb0-1900-0000-2b04-752e47090000 pid=2375 /tmp/sample.bin guuid=f589b3ae-1900-0000-2b04-752e42090000 pid=2370->guuid=a1ffeeb0-1900-0000-2b04-752e47090000 pid=2375 execve guuid=5f696cb1-1900-0000-2b04-752e4a090000 pid=2378 /usr/bin/wget guuid=a1ffeeb0-1900-0000-2b04-752e47090000 pid=2375->guuid=5f696cb1-1900-0000-2b04-752e4a090000 pid=2378 execve
Score:
95%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/4555f384e6cd3fd59059d91f0a60f2bb0bf3ea890bf23aa06d8d9c852809a383
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4555f384e6cd3fd59059d91f0a60f2bb0bf3ea890bf23aa06d8d9c852809a383/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/4555f384e6cd3fd59059d91f0a60f2bb0bf3ea890bf23aa06d8d9c852809a383
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ivk7hbhgzu75lecz3epquyhsxmf7h2ujbpzdvidnrwoikkajuobq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
linux
Link:
https://tria.ge/reports/251226-yph3qstrbs/
Behaviour
Writes file to tmp directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 4555f384e6cd3fd59059d91f0a60f2bb0bf3ea890bf23aa06d8d9c852809a383

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3744222/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3744229/

Comments