MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 76e93f078788bea53d954030785191a2cb75326fbb1d0caa9b91b9bfdc3b7572. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 76e93f078788bea53d954030785191a2cb75326fbb1d0caa9b91b9bfdc3b7572
SHA3-384 hash: d1b475ca0b4995767b0d2d81f8a7f0b6d675ef0304e52f7c38d32df2bb6e6e0c4f1cd20bd208891bc9d324f132a5bb52
SHA1 hash: 63c2949380ef9d18a79e1a913e0b622108faf15b
MD5 hash: 57f2bd1ac8e1ac82e5d6e0724ab95f0f
humanhash: princess-seven-twenty-vermont
File name: ftpget.sh
File size: 541 bytes
First seen: 2026-03-25 03:57:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:eJfXayM9ayMNIgayVwayVoVa+dka+d9mBa+nIva+nn4a+NCHla+Nna0LKiev:eJfKBEBeValao8kquNuntNsMa0LKVv
TLSH: T152F04F91BBF13B338A4CEC5AD73706C7118BB04484028ED9248E727BBE748C4D8988A9
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 49
Origin country: DE
Vendor Threat Intelligence
No detections
Result
Gathering data
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Text.Browser.Generic
Status: Suspicious
First seen: 2026-03-25 03:58:24 UTC
File Type: Text (Shell)
AV detection: 1 of 36 (2.78%)
Threat level: 4/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 76e93f078788bea53d954030785191a2cb75326fbb1d0caa9b91b9bfdc3b7572

(this sample)

  
Delivery method
Distributed via web download

Comments