MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 7a0b3da343e9ce3e38bf933fe21b31bea9d0b2c28c381baf59c655d17c2d33fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 7a0b3da343e9ce3e38bf933fe21b31bea9d0b2c28c381baf59c655d17c2d33fb |
|---|---|
| SHA3-384 hash: | fd52eebffe57305b9012844027d1c340159c0a0aa5b3354e9d72831349090f6bc40fc4deafaf784b6682897217b82dc9 |
| SHA1 hash: | 9a84f0448551cd0294337b2657b175a688fee3f2 |
| MD5 hash: | 468d118d95afd541158485f3c5dfa448 |
| humanhash: | quebec-high-arkansas-mango |
| File name: | curl.sh |
| Download: | download sample |
| File size: | 967 bytes |
| First seen: | 2025-06-27 16:56:43 UTC |
| Last seen: | 2025-06-28 22:39:06 UTC |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 24:3J3mD0bD0GD0UGNINID0gKQD0XD00D0RND0oD0Z2D07D0v1U:wMvgvBiB+NTi2Yy1U |
| TLSH | T1671166FB00EDB4822B28CC34F0295C0DB1838AF071B1D781F08EE879E1A97361275769 |
| Magika | shell |
| Reporter |  abuse_ch |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://mafia.trumdvfb.com/skibdi/cutearm | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cutearm5 | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cutearm6 | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cutearm7 | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cutem68k | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cutemips | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cutempsl | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cuteppc | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cutesh4 | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cutex86 | n/a | n/a | n/a |
| http://mafia.trumdvfb.com/skibdi/cutex86_64 | n/a | n/a | n/a |
Intelligence
File Origin
# of uploads :
2
# of downloads :
119
Origin country :
DEVendor Threat Intelligence
Detection(s):
Verdict:
Clean
Score:
99.9%
Link:
Tags:
n/a
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Status:
terminated
Behavior Graph:
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Threat name:
Document-HTML.Downloader.Heuristic
Status:
Malicious
First seen:
2025-06-27 16:57:24 UTC
File Type:
Text (Shell)
AV detection:
8 of 38 (21.05%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 7a0b3da343e9ce3e38bf933fe21b31bea9d0b2c28c381baf59c655d17c2d33fb
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.