MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 853f57f10f84ee3693b67fd18dc67346fa6ad735f8950ecf33443600322c874b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	853f57f10f84ee3693b67fd18dc67346fa6ad735f8950ecf33443600322c874b
SHA3-384 hash:	5003a8d43b010ee83bac31843858edd8cf71940afc5de1ee63a9c2d7d14f7a4f2e88d1f9b52ff377f1038d969b011228
SHA1 hash:	398624d48f4e562c7c2fa8ef99d77abe4696256a
MD5 hash:	625cafe4c186f09ebce1f0f323c1ccf6
humanhash:	freddie-william-thirteen-moon
File name:	shr
Download:	download sample
File size:	472 bytes
First seen:	2026-03-26 03:58:25 UTC
Last seen:	2026-03-26 07:12:51 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:/VJ+TNLI5epY6iuy4ghsesFrFBEGghgu+hYuTyisJF8EpASNyiiuyw:NwTNLI5e2sZrTBEGCnuoLpvH
TLSH	T1BFF02E19D88448BEA07FC89FBBE73DCE110F5150464B2E2D96B61C03B4BDD185091433
Magika	shell
Reporter	adliwahid
Tags:	sh

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Linux.DownLoader.2243.32104.28698.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/69c4dcee2346b9da57a7c0a1/reports/39aa177c-cbb7-4d4a-98f3-a1b4c0e99663/overview

Result

Gathering data

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/4ed092ff-87bc-47d0-b797-116e06ed3088

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/853f57f10f84ee3693b67fd18dc67346fa6ad735f8950ecf33443600322c874b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/853f57f10f84ee3693b67fd18dc67346fa6ad735f8950ecf33443600322c874b/

Threat name:

Script-Shell.Trojan.Geninst

Status:

Malicious

First seen:

2026-03-26 04:42:49 UTC

File Type:

Text (Shell)

AV detection:

13 of 36 (36.11%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qu7vp4ipqtxdne5wp7iy3rtti35gvvzv7ckq5tztiq3aamrmq5fq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260326-h2x5escx8t/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/853f57f10f84ee3693b67fd18dc67346fa6ad735f8950ecf33443600322c874b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 853f57f10f84ee3693b67fd18dc67346fa6ad735f8950ecf33443600322c874b

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3805280/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample