MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 5fb7ef38e1397c6bd636bd31de186865e91d7cca9e20701dd1a594468f424c90. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 5fb7ef38e1397c6bd636bd31de186865e91d7cca9e20701dd1a594468f424c90 |
|---|---|
| SHA3-384 hash: | d03b1f6a8ee798abd72005036161cdfa86787ff845e301b3c126339a11241c463899b026fb67af0e4febfcaac2853f5b |
| SHA1 hash: | e49b30ca528c504dd1e2c0b618e5829ef0959bce |
| MD5 hash: | 34146748430de6f3de86aedda1b2a380 |
| humanhash: | virginia-oregon-monkey-quiet |
| File name: | wget.sh |
| Download: | download sample |
| File size: | 957 bytes |
| First seen: | 2025-06-22 11:48:34 UTC |
| Last seen: | 2025-06-22 19:26:44 UTC |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 24:o6I76IC6IRGNINX6InKP6I96Ig6IGM6I3V6IaR6If6I6f:op7pCpXpn4p9pgpGMp3VpaRpfp6f |
| TLSH | T18311BCEA4019740644259C30703D2E41E68BC7E076A8DB45F4CAD4F7D5A9A3A63B9F4F |
| Magika | shell |
| Reporter |  abuse_ch |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://api.trumdvfb.com/skibidi/cutearm | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutearm5 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutearm6 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutearm7 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutem68k | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutemips | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutempsl | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutepowerpc | n/a | n/a | botnetdomain elf ua-wget |
| http://api.trumdvfb.com/skibidi/cutesh4 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutex86 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutex86_64 | n/a | n/a | n/a |
Intelligence
File Origin
# of uploads :
2
# of downloads :
57
Origin country :
DEVendor Threat Intelligence
Verdict:
Clean
Score:
99.9%
Link:
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Tags:
lolbin mirai remote
Status:
terminated
Behavior Graph:
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Threat name:
Document-HTML.Downloader.Heuristic
Status:
Malicious
First seen:
2025-06-22 11:49:31 UTC
File Type:
Text (Shell)
AV detection:
9 of 38 (23.68%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 5fb7ef38e1397c6bd636bd31de186865e91d7cca9e20701dd1a594468f424c90
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.