MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d91ffd1013a8a494e36e8862729d0ed60ffa97b4cbb99122560df8904e6423e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d91ffd1013a8a494e36e8862729d0ed60ffa97b4cbb99122560df8904e6423e
SHA3-384 hash: 35bedbe42d02bc90a7cab434692793782aee11e8951f6288c05a5702fcfc27122d7d9d426b78acfe8ff0d0288f743ac3
SHA1 hash: 3f287066206f46e8c7848ddc63d017fe14b25b6a
MD5 hash: 51a34a59f7c54f06fba5d24aad41267a
humanhash: artist-charlie-delaware-mississippi
File name:4d91ffd1013a8a494e36e8862729d0ed60ffa97b4cbb99122560df8904e6423e.sh
Download: download sample
File size:11'969 bytes
First seen:2026-02-27 13:52:49 UTC
Last seen:2026-02-28 09:39:23 UTC
File type: sh
MIME type:text/plain
ssdeep 96:cCuolB6csht+O+v1fsn+h4+tIiKkC1ymysuKNpUj4waYvjKlWXaEXHArCAr8yIok:cCua6p4hvZ5mN9oKNpivAwRD
TLSH T1EC32567B21F08B32D7D410C963B61A614E72A70B496614B9F4FE5739AF2DA0370E7B21
Magika xml
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://185.132.125.229/av.shn/an/an/a
http://194.156.102.210/bins/bins.shn/an/an/a
http://2.192.102.162:81/bins/bins.shn/an/an/a
http://116.129.7.63:81/hiddenbin/dvr1.shn/an/an/a
http://hxipzknrsojnitzv.zip/bins/bins.sh652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975 Miraibotnetdomain mirai opendir sh

Intelligence

File Origin
# of uploads :
2
# of downloads :
69
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/69a1a1d197feb4afd65f6013/reports/2a6b2d3d-5fd4-4056-a387-4fa0347601cf/overview
Result
Gathering data
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/4d91ffd1013a8a494e36e8862729d0ed60ffa97b4cbb99122560df8904e6423e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4d91ffd1013a8a494e36e8862729d0ed60ffa97b4cbb99122560df8904e6423e/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/4d91ffd1013a8a494e36e8862729d0ed60ffa97b4cbb99122560df8904e6423e
Threat name:
Script-Shell.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-02-27 13:53:23 UTC
File Type:
Text (HTML)
AV detection:
3 of 36 (8.33%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jwi77uibhkfestrw5cdcokoq5vqp7kl3js5zserfmdpysbhgii7a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260227-q643jaay4d/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4d91ffd1013a8a494e36e8862729d0ed60ffa97b4cbb99122560df8904e6423e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 4d91ffd1013a8a494e36e8862729d0ed60ffa97b4cbb99122560df8904e6423e

(this sample)

Mirai

sh 652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975

  
URLhaus
https://urlhaus.abuse.ch/url/3783362/
  
Delivery method
Distributed via web download
  
Dropping
MD5 b8264a3c5d5897320cf7549c149e0052
  
Dropping
SHA256 652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975

Comments