MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5f95aba9daf68ef5a35b7b9c995f0fad4108e5cf3f3c18bf79186aba786aa21a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 5f95aba9daf68ef5a35b7b9c995f0fad4108e5cf3f3c18bf79186aba786aa21a
SHA3-384 hash: b580f909960d3665e7f187b3ec4bc5d0a20372a2562b567a70b87704c3e3f4d7343be2b5b5f0b53ddb24b5c137401b88
SHA1 hash: 327b853479b4241ce9ac7bc9e2b1295d28ed9c15
MD5 hash: 651fdd805226237234cd6886a5bd8d76
humanhash: november-lithium-sink-bulldog
File name: 5f95aba9daf68ef5a35b7b9c995f0fad4108e5cf3f3c18bf79186aba786aa21a.sh
File size: 1'339 bytes
First seen: 2026-02-22 13:21:25 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:chnRUR8fAR25s9HHIuCzCRpYdZeMbHxlc9HH/+6Elc9HHVeN:chRu9RjnB6gM1lwnm6Elwns
TLSH: T14921DD7011F11C7326206680B3772F967FB2DD4749A3618C34DE5D396F87B02A2AB452
Magika: xml
Reporter: abuse_ch
Tags: sh

URL: http://31.57.112.130/a7le0
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Result
Gathering data
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid=2724) -> /tmp/sample.bin (pid=2729) [execve]
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 5f95aba9daf68ef5a35b7b9c995f0fad4108e5cf3f3c18bf79186aba786aa21a (this sample)

  
Delivery method
Distributed via web download
