MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6de34ac1b49f1f6866276063c506c5abfd134432f33baa4469a06b5b8c2c257c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6de34ac1b49f1f6866276063c506c5abfd134432f33baa4469a06b5b8c2c257c
SHA3-384 hash: 3f6b2101c8dc9bb43ef8ea6543b219b2814684930aa21cc658cfd37bf0d86558d7d7e33a2ed700e781ec12f34fdd5f9c
SHA1 hash: ce54a05400cb9f0209afb70dc42a25343574d016
MD5 hash: c4dc35ce7548552f53694b22e2d8aa3b
humanhash: happy-violet-sad-ack
File name:m
Download: download sample
File size:554 bytes
First seen:2026-03-01 01:37:38 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:MquhRnFxvhsxFSJFo6WHdvE6pB0g11YHj6X:MfnnDh06vW9v/7gD6X
TLSH T1F9F0EB6400E13C2077FD592C50A0960F5177BF33669B3E2871E1CBF49A6BD803159BD1
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://ext-checkdin.vercel.app/api/tokenln/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
122
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/6de34ac1b49f1f6866276063c506c5abfd134432f33baa4469a06b5b8c2c257c
Verdict:
Unknown
File Type:
text
Link:
https://opentip.kaspersky.com/6de34ac1b49f1f6866276063c506c5abfd134432f33baa4469a06b5b8c2c257c/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/99015bb5-9a40-442b-82df-a038804dc4ad
Behavior Graph:
Download SVG
%3 guuid=7a294c56-1b00-0000-04c5-6825870c0000 pid=3207 /usr/bin/sudo guuid=d69c8459-1b00-0000-04c5-68258b0c0000 pid=3211 /tmp/sample.bin guuid=7a294c56-1b00-0000-04c5-6825870c0000 pid=3207->guuid=d69c8459-1b00-0000-04c5-68258b0c0000 pid=3211 execve guuid=419dd959-1b00-0000-04c5-68258e0c0000 pid=3214 /usr/bin/mkdir guuid=d69c8459-1b00-0000-04c5-68258b0c0000 pid=3211->guuid=419dd959-1b00-0000-04c5-68258e0c0000 pid=3214 execve guuid=40c3335a-1b00-0000-04c5-68258f0c0000 pid=3215 /usr/bin/clear guuid=d69c8459-1b00-0000-04c5-68258b0c0000 pid=3211->guuid=40c3335a-1b00-0000-04c5-68258f0c0000 pid=3215 execve
Score:
32%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/6de34ac1b49f1f6866276063c506c5abfd134432f33baa4469a06b5b8c2c257c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6de34ac1b49f1f6866276063c506c5abfd134432f33baa4469a06b5b8c2c257c/
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-03-01 02:11:07 UTC
File Type:
Text (Shell)
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nxruvqnut4pwqzrhmbr4kbwfvp6rgrbs6m52urdjubvvxdbmev6a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260301-jjrqcsds5e/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6de34ac1b49f1f6866276063c506c5abfd134432f33baa4469a06b5b8c2c257c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 6de34ac1b49f1f6866276063c506c5abfd134432f33baa4469a06b5b8c2c257c

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3787692/
  
Delivery method
Distributed via web download

Comments