MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 46967cd19c64c4662235dbc105ca6ebc63bceed890ef760860c1dfe496be62a3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 46967cd19c64c4662235dbc105ca6ebc63bceed890ef760860c1dfe496be62a3
SHA3-384 hash: 0d82d1343b77687453ff5126631201685499d8a7cbdcbe5742040b269119544e5c372713f8bb17b8d86c645b961bab34
SHA1 hash: 1c0282a1089fdeb41cec191fd2c7876fc530d2d9
MD5 hash: 3459859d6047536b34180ff1dcb3a551
humanhash: coffee-bacon-uranus-kitten
File name:w.sh
Download: download sample
File size:1'272 bytes
First seen:2025-07-10 17:41:52 UTC
Last seen:2025-07-11 03:45:54 UTC
File type: sh
MIME type:text/plain
ssdeep 24:PcC3WvcBIpvcuNNIUuiu7vcn4K6jvUmr6vAjG7vTNmB7v/vhlvu6evfgvWV2fHA:0fV2H779cmr6YjG7LNmB7XplG6eQuV2o
TLSH T11F2144C90F6380438A3C4F31F45B87B92A8E45E3F4E4EE9561CD5CB35288B24B031E16
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.116.143/HBTs/top1miku.armn/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.arm5n/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.arm6n/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.arm7n/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.m68kn/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.mipsn/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.mpsln/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.ppcn/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.sh4n/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.spcn/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.x86n/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.x86_64n/an/aelf ua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
25
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=686ffb78900df8e7f869696blinux22vpnfull_triage
Tags:
hype sage
Verdict:
Unknown
Threat level:
  2.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/686ffb9080b46be06e9e5146/reports/239bf178-d861-46d8-97ad-f9462ed8bbc6/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/3a4005bf-eb05-48ec-baa1-3fe503170c26
Behavior Graph:
Download SVG
%3 guuid=f46994c8-1a00-0000-73a8-89ef7c0c0000 pid=3196 /usr/bin/sudo guuid=40d26ccb-1a00-0000-73a8-89ef800c0000 pid=3200 /tmp/sample.bin guuid=f46994c8-1a00-0000-73a8-89ef7c0c0000 pid=3196->guuid=40d26ccb-1a00-0000-73a8-89ef800c0000 pid=3200 execve guuid=77b9b5cb-1a00-0000-73a8-89ef810c0000 pid=3201 /usr/bin/busybox guuid=40d26ccb-1a00-0000-73a8-89ef800c0000 pid=3200->guuid=77b9b5cb-1a00-0000-73a8-89ef810c0000 pid=3201 execve
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/46967cd19c64c4662235dbc105ca6ebc63bceed890ef760860c1dfe496be62a3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/46967cd19c64c4662235dbc105ca6ebc63bceed890ef760860c1dfe496be62a3/
Threat name:
Linux.Downloader.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-07-10 17:42:16 UTC
File Type:
Text (Shell)
AV detection:
13 of 23 (56.52%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i2lhzum4mtcgmirv3paqlstoxrr3z3wysdxxmcdayhp6jfv6mkrq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250710-v94cmaxvbs/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/46967cd19c64c4662235dbc105ca6ebc63bceed890ef760860c1dfe496be62a3

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 46967cd19c64c4662235dbc105ca6ebc63bceed890ef760860c1dfe496be62a3

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3579513/
  
Delivery method
Distributed via web download

Comments