MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6be66a8360ccd4411b4216c875501b77a034e35a9a2888edb2910ce0689bd8f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 6be66a8360ccd4411b4216c875501b77a034e35a9a2888edb2910ce0689bd8f8
SHA3-384 hash: 30908fc0ba62aeb496cee638e37255edab3d0a4f210b51dff041d1e241baeb3ef05e2bfc6096ddebeaaf841ddeb4ef4a
SHA1 hash: 7fba0f682eb9f2e75b27d91691fc11c434efc641
MD5 hash: bc73955f75a526ed1bd27a2e438bc38c
humanhash: high-solar-wyoming-burger
File name: 6be66a8360ccd4411b4216c875501b77a034e35a9a2888edb2910ce0689bd8f8.sh
File size: 9'479 bytes
First seen: 2026-02-22 13:21:32 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 96:cLu7B6y6fOSwxkEgI4GKg+CIBcIBZIBDoYsEKEV/ENE0rEAEpuEFElCvd:cLul6wlXFX2lv+MDxX+r
TLSH T18B12B57125F14C332A605A84B3772BA6ABB7D95385E3318C35DE2E256F87B02B1BF411
Magika xml
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 44
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Result
Gathering data
Status:
terminated
Behavior Graph:
/usr/bin/sudo (pid 2440) -> execve -> /tmp/sample.bin (pid 2448)
Threat name:
Text.Browser.Generic
Status:
Suspicious
First seen:
2026-02-22 13:25:45 UTC
File Type:
Text (HTML)
AV detection:
1 of 36 (2.78%)
Threat level:
  4/5
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 6be66a8360ccd4411b4216c875501b77a034e35a9a2888edb2910ce0689bd8f8

(this sample)

007f065e58d07a799a21a2849a3907334abca1a31392e638d9343126079ca9b5

  
Delivery method: Distributed via web download
Dropping: MD5 c488c5f8367ad4612d371973e8aed705
Dropping: SHA256 007f065e58d07a799a21a2849a3907334abca1a31392e638d9343126079ca9b5
