MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 666abe7af5c43351abba61abe9eda5f99f6b84d7702ee36faefc345eddc54384. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 666abe7af5c43351abba61abe9eda5f99f6b84d7702ee36faefc345eddc54384
SHA3-384 hash: cc067d24dd12292516bbd199d8771ef89825876f672127d9a554fe70a4a5890b958fab53bf589a440f7815a7241d190a
SHA1 hash: 0d3a8d7531556a56b1b3f2367a3fc24acdbb1485
MD5 hash: be7261f4b8536d8a4d7ca92eb249c60e
humanhash: nine-march-lake-uniform
File name: a.sh
File size: 223 bytes
First seen: 2026-06-20 20:50:41 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:GRFoLSDFSOdVMsMXuxAjoLSiOOdVv6axAjoLSfIOOdVYgxLoaxAjoLS6fDOdVVEL:SoLW6luSoLxB6aSoLKI+gNoaSoLfmi
TLSH: T12AD0C2A4736380DF042AEF58E441689110AB72C822B2D6BDB8165B6E9878D063DA495A
Magika: txt
Reporter: BlinkzSec

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: SE
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph:
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments