MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 52d77381556bbf65f9e348b343cd94f30e2f450c6eb027a325d6ac63c2457761. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 52d77381556bbf65f9e348b343cd94f30e2f450c6eb027a325d6ac63c2457761
SHA3-384 hash: da831ae9fbed3bf776d2e3eb35606b741b5f2393a7a7014721a58a566011df52a75d90a37e8d4e5e1445f5a523dd04a5
SHA1 hash: ae256ca1431fb8222d291b535faa57acc29a3f57
MD5 hash: 23723c45e69a95b90013912fc3cc5d39
humanhash: moon-arizona-delta-pasta
File name: brr
File size: 588 bytes
First seen: 2025-02-24 08:57:25 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:5+E8bpyK8QGkEd86ecjEkKyEXmGcEqX3MSTKNIxEnX93+EkX9:5+E8v8QGkEG6eOEkSW9EqnMSWNIxEnQV
TLSH T1C8F0F4891202220748EC6DF1F0F154A5B302C6CD93AF4EDFED844535894AE30ED319D8
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 23
Origin country:
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.1%
Tags: mirai agent virus shell
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Result
Verdict: UNKNOWN
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-02-24 10:08:09 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 52d77381556bbf65f9e348b343cd94f30e2f450c6eb027a325d6ac63c2457761

(this sample)

  
Delivery method
Distributed via web download
