MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48d078161342fa5030a912421ba342e710e1123b2329e87b661917f530633811. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4

SHA256 hash: 48d078161342fa5030a912421ba342e710e1123b2329e87b661917f530633811
SHA3-384 hash: 9cdda64d81ef350cc18c0a688fd1fda9606ccb1af3c828e7a6a808b57d1653cf045d510ebae4cf16a2727cb5b42c6009
SHA1 hash: a8a326085dc17dcb9371fdd2a240227b3e270690
MD5 hash: 674571922b008ee2a968ec05088a17f7
humanhash: august-steak-failed-uniform
File name: payload_universal.txt
File size: 634 bytes
First seen: 2026-01-11 06:42:18 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SJo7qGvj5qFHpo7qGSGj5kHS7gK7qCvcXo7qGvj56HS7gK7qCvcRGj5fj5pj5S5H:ggpcFHpgpVxvUgpbxvMCRy
TLSH: T176F0FBFAF530806271D955FEB98DF4342FAB4CAF98A829091147CAB1504C58DD40C675
Magika: shell
Reporter: abuse_ch
Tags: sh

Associated URLs (columns: URL, Malware sample (SHA256 hash), Signature, Tags):
http://boberkurwa.phoneparts.icu:80/gay.shn/an/an/a

Intelligence

File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox masquerade

Result
Gathering data
Status: terminated
Behavior Graph (process tree recovered from the rendered graph; sandbox node ids dropped):
pid 3418  /usr/bin/sudo
  execve -> pid 3426  /tmp/sample.bin
    execve -> pid 3427  /usr/bin/wget     (dns, net, send-data)  send 172B -> 10.0.2.3:53
    execve -> pid 3448  /usr/bin/curl
      clone -> pid 3461  /usr/bin/curl    (dns, net, send-data)  send 172B -> 10.0.2.3:53
    execve -> pid 3472  /usr/bin/busybox  (dns, net, send-data)  send 172B -> 10.0.2.3:53
    execve -> pid 3487  /usr/bin/busybox  (dns, net, send-data)  send 172B -> 10.0.2.3:53
    execve -> pid 3502  /usr/bin/chmod
    execve -> pid 3503  /tmp/bins.sh
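The process tree above is the fetch, mark-executable, run sequence of a Linux dropper: the script spawns wget, curl and two busybox instances that all reach the sandbox resolver, then chmod, then executes /tmp/bins.sh. The Python below is an added example, not code from MalwareBazaar or from any sandbox vendor. It indexes the events transcribed from that graph (pids, image paths, execve/clone edges and the 172-byte sends to 10.0.2.3:53) and flags any process whose direct children form that chain. The tuple event layout, the FETCH_TOOLS and STAGING_DIRS sets, and the use of pid order in place of the timestamps the graph does not carry are assumptions made for this example.

```python
"""Flag the download / chmod / execute chain visible in the behaviour graph.

Added example, not part of the MalwareBazaar page or of any sandbox vendor's
code.  SANDBOX_EVENTS is transcribed from the graph on this page; the tuple
format holding those events is an assumption made for this example.
"""
from collections import defaultdict
from os.path import basename

# Tools a dropper uses to pull the second stage.  wget, curl and busybox are
# the ones observed in this run; busybox is included because the sample is
# tagged "busybox masquerade" and drives it as a network client.
FETCH_TOOLS = {"wget", "curl", "busybox"}
# World-writable staging directories a fetched payload is typically run from.
STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

# ("exec", parent_pid, child_pid, image)  for execve/clone edges in the graph
# ("net", pid, destination)                for a send to a remote endpoint
SANDBOX_EVENTS = [
    ("exec", None, 3418, "/usr/bin/sudo"),  # sudo's own parent is not in the graph
    ("exec", 3418, 3426, "/tmp/sample.bin"),
    ("exec", 3426, 3427, "/usr/bin/wget"),
    ("net", 3427, "10.0.2.3:53"),
    ("exec", 3426, 3448, "/usr/bin/curl"),
    ("exec", 3448, 3461, "/usr/bin/curl"),  # curl clones a worker that does the send
    ("net", 3461, "10.0.2.3:53"),
    ("exec", 3426, 3472, "/usr/bin/busybox"),
    ("net", 3472, "10.0.2.3:53"),
    ("exec", 3426, 3487, "/usr/bin/busybox"),
    ("net", 3487, "10.0.2.3:53"),
    ("exec", 3426, 3502, "/usr/bin/chmod"),
    ("exec", 3426, 3503, "/tmp/bins.sh"),
]


def build_tree(events):
    """Index the flat event list: image per pid, children per pid, sends per pid."""
    image, children, sends = {}, defaultdict(list), defaultdict(set)
    for ev in events:
        if ev[0] == "exec":
            _, parent, child, img = ev
            image[child] = img
            children[parent].append(child)
        elif ev[0] == "net":
            _, pid, dst = ev
            sends[pid].add(dst)
    return image, children, sends


def subtree(pid, children):
    """pid plus every descendant, so a worker forked by curl still counts for curl."""
    out, stack = [], [pid]
    while stack:
        p = stack.pop()
        out.append(p)
        stack.extend(children.get(p, ()))
    return out


def find_dropper_chains(events):
    """Return one record per process that fetched, chmod-ed and ran a staged file.

    A hit needs, among the direct children of one process: a fetch tool that
    (itself or via a descendant) sent data, a chmod, and an execve of a path
    under a staging directory, with fetch before chmod and chmod before the
    execve.  Pid order stands in for time because the graph has no timestamps
    and the sandbox allocated pids monotonically in this run (assumption).
    """
    image, children, sends = build_tree(events)
    hits = []
    for parent, kids in children.items():
        fetchers = [k for k in kids
                    if basename(image[k]) in FETCH_TOOLS
                    and any(sends[p] for p in subtree(k, children))]
        chmods = [k for k in kids if basename(image[k]) == "chmod"]
        staged = [k for k in kids if image[k].startswith(STAGING_DIRS)]
        ordered = any(f < c < s for f in fetchers for c in chmods for s in staged)
        if fetchers and chmods and staged and ordered:
            hits.append({
                "parent": parent,
                "parent_image": image.get(parent, "<root>"),
                "fetchers": [(k, basename(image[k])) for k in fetchers],
                "remote": sorted({d for k in fetchers
                                  for p in subtree(k, children) for d in sends[p]}),
                "staged_exec": [image[k] for k in staged],
            })
    return hits


if __name__ == "__main__":
    for hit in find_dropper_chains(SANDBOX_EVENTS):
        print(f"dropper chain under pid {hit['parent']} ({hit['parent_image']}):")
        print("  fetch via  " + ", ".join(f"{n}[{p}]" for p, n in hit["fetchers"]))
        print("  contacted  " + ", ".join(hit["remote"]))
        print("  executed   " + ", ".join(hit["staged_exec"]))
```

Run against the transcribed events it reports a single chain under pid 3426 (/tmp/sample.bin), with four fetchers, one remote endpoint and /tmp/bins.sh as the staged execution; the same logic applied to real EDR or auditd process events needs the child's parent pid, image path and network activity, which is exactly what this graph exposes.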
Result

Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Web download: sh 48d078161342fa5030a912421ba342e710e1123b2329e87b661917f530633811 (this sample)
Comments