MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5a96e25395408de2cd00a2ffe946c51d0c5c0d70490b2906831f3b38f75d6820. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 5a96e25395408de2cd00a2ffe946c51d0c5c0d70490b2906831f3b38f75d6820
SHA3-384 hash: 5489e97ddf6d1110b00b2fc3dbc25c32879c2dbe7944eee18b1beb4e1447f8fae47356010438f9d9ae129111ade234b0
SHA1 hash: 9ccc2dbe28e6f6feb7e827e536e388fbef699abb
MD5 hash: bd2b07a70d035eaf0afc1c5cc3150461
humanhash: sink-uniform-equal-louisiana
File name: wg.sh
File size: 477 bytes
First seen: 2024-11-01 00:16:34 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:/CjUu99ibOOFyb8srudGqyipFSGgQrgffYR0wV:0t/ibOOFe8srEVSGRr8+0wV
TLSH: T1B5F09E38B43221BB34288472258A7F983D2F3584ED46415AA469B127D46CC9ED430C63
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 78
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Linux.Trojan.BootNootShell
Status: Malicious
First seen: 2024-11-01 00:17:07 UTC
File Type: Text
AV detection: 10 of 38 (26.32%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 5a96e25395408de2cd00a2ffe946c51d0c5c0d70490b2906831f3b38f75d6820 (this sample)

Delivery method: Distributed via web download
