MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4dfac6f519d130bc165c1af3a9d9197e8048525750ee4789def32eb04704648e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4dfac6f519d130bc165c1af3a9d9197e8048525750ee4789def32eb04704648e
SHA3-384 hash: fedcd9587005d1d6e61612fbf3581af4cf59914c8eba735cc246029176319817060702039e8f9681277782b0a8835e53
SHA1 hash: 07a3fc021f3563589857ae4f46aca371144c7506
MD5 hash: 50806e84d552294c6f4d539d34aa5f9a
humanhash: saturn-purple-rugby-bravo
File name:wget.sh
Download: download sample
File size:1'177 bytes
First seen:2025-07-10 17:13:55 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:JaC3baBIeauNNIUuiuYcn4K6AUmrnAjGYTNmBYEhSu6jfFWV2fxv:Y2HqPmrAjGmNmBlT6YV2fp
TLSH T1F7212F8D0F23508B96384F32F45B47A91A8F42D2F5F8EE9162CD1C735588714B035E1B
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.251.116.143/HBTs/HBTs/top1miku.armn/an/aelf ua-wget
http://196.251.116.143/HBTs/HBTs/top1miku.arm5n/an/aelf ua-wget
http://196.251.116.143/HBTs/HBTs/top1miku.arm6n/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.arm7n/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.m68kn/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.mipsn/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.mpsln/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.ppcn/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.sh4n/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.spcn/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.x86n/an/aelf ua-wget
http://196.251.116.143/HBTs/top1miku.x86_64n/an/aelf ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
25
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=686ff4eac9eb974737681e76linux22vpnfull_triage
Tags:
agent hype sage
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/686ff4ff30bf733323369a02/reports/fef8254e-9058-4179-a346-c05aff985805/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/f64583af-8585-4ae5-bb2a-277f53040168
Behavior Graph:
Download SVG
%3 guuid=b038299e-1a00-0000-2f03-ec0d6c0b0000 pid=2924 /usr/bin/sudo guuid=152e88a0-1a00-0000-2f03-ec0d730b0000 pid=2931 /tmp/sample.bin guuid=b038299e-1a00-0000-2f03-ec0d6c0b0000 pid=2924->guuid=152e88a0-1a00-0000-2f03-ec0d730b0000 pid=2931 execve guuid=ee5930a1-1a00-0000-2f03-ec0d740b0000 pid=2932 /usr/bin/wget guuid=152e88a0-1a00-0000-2f03-ec0d730b0000 pid=2931->guuid=ee5930a1-1a00-0000-2f03-ec0d740b0000 pid=2932 execve
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/4dfac6f519d130bc165c1af3a9d9197e8048525750ee4789def32eb04704648e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4dfac6f519d130bc165c1af3a9d9197e8048525750ee4789def32eb04704648e/
Threat name:
Document-HTML.Downloader.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2025-07-10 17:14:13 UTC
File Type:
Text (Shell)
AV detection:
14 of 23 (60.87%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=jx5mn5iz2eylyfs4dlz2twizp2aequsxkdxepco66mxlaryemsha._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250710-vr39xavmt9/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4dfac6f519d130bc165c1af3a9d9197e8048525750ee4789def32eb04704648e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 4dfac6f519d130bc165c1af3a9d9197e8048525750ee4789def32eb04704648e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3579487/
  
Delivery method
Distributed via web download

Comments