MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b8884a5bf023d35920a8554d4b3d56deeaf9c5ca8b629bd691e22e25a22c8be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 4


SHA256 hash: 4b8884a5bf023d35920a8554d4b3d56deeaf9c5ca8b629bd691e22e25a22c8be
SHA3-384 hash: a5c1fe0b40c9b0e84e4659ca8e213383e67cd9b6c55e8cf6ea3e1c387afa3c7f6f99ff077808d7f21ed73ed260b7ac3e
SHA1 hash: 306687edeed5d9c95f8b7a65b74384cd705a8081
MD5 hash: 5e46fd3497480b4cecdbe52088935782
humanhash: grey-music-asparagus-river
File name: payload_wget.txt
File size: 120 bytes
First seen: 2026-01-11 06:38:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:GRFJNCiKNRUQ1Vgk9u2QyBFOde9u2QfVKCE99:SJo7qG3u5yNu549
TLSH: T19FB092EDD6208253314FD538304D94381CBB589A10AC35099053ABF210BA08DE20ABE5
Magika: batch
Reporter: abuse_ch
Tags: sh

Associated URLs:
URL                                          Malware sample (SHA256 hash)   Signature   Tags
http://boberkurwa.phoneparts.icu:80/gay.sh   n/a                            n/a         n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: masquerade

Result: Gathering data
Status: terminated
Behavior Graph (process tree recovered from the sandbox graph data; node ids omitted):
  /usr/bin/sudo (pid 2864)
    execve -> /tmp/sample.bin (pid 2870)
      execve -> /usr/bin/wget (pid 2872) [dns, net, send-data]
        send: 172B -> 10.0.2.3:53
      execve -> /usr/bin/chmod (pid 2895)
      execve -> /tmp/gay.sh (pid 2896)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

File type: sh
SHA256 hash: 4b8884a5bf023d35920a8554d4b3d56deeaf9c5ca8b629bd691e22e25a22c8be (this sample)

Delivery method: Distributed via web download

Comments