MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8f5596aa92afb1658451983bb8c01529e97ad5bce91513dcff1e6d9317affc8d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	8f5596aa92afb1658451983bb8c01529e97ad5bce91513dcff1e6d9317affc8d
SHA3-384 hash:	80a9e8788ac739e42fd3a2ec3659d42216657d0edf399352aaa317e6b6327fe719ed56fbf060749d89d6c537d9666ef6
SHA1 hash:	f564c1881f5c89da9853690e9bf368f028c986bf
MD5 hash:	e318e551721319418aa4bd3ecc73d4b0
humanhash:	avocado-delta-sixteen-summer
File name:	zok
Download:	download sample
File size:	477 bytes
First seen:	2026-06-09 01:09:35 UTC
Last seen:	2026-06-09 05:59:16 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:/VJ+TNLI5zqiYzkbfEiuy4ghsesFrFBEGghgu+hYuTyisJF8EpASNyiiuyw:NwTNLI5zq7zgyZrTBEGCnuoLpvH
TLSH	T124F0270AE88844BFA03FC89FBBE63DCD110F51552A8B2E2D96B92C47B8B9C4850D1433
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

File Origin

# of uploads :

236

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Detection(s):

SecuriteInfo.com.Linux.DownLoader.2243.7175.25257.UNOFFICIAL

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6a27ac13bf16337e43bda5c7/reports/a3dac51a-38f6-4278-8706-55f4ef903891/overview

Verdict:

Malicious

File Type:

text

First seen:

2026-06-02T03:55:00Z UTC

Last seen:

2026-06-09T12:58:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/8f5596aa92afb1658451983bb8c01529e97ad5bce91513dcff1e6d9317affc8d/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/78180b53-925d-4f05-8ce1-e61761c2d7f2

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/8f5596aa92afb1658451983bb8c01529e97ad5bce91513dcff1e6d9317affc8d

Gathering data

Threat name:

Script-Shell.Trojan.Geninst

Status:

Malicious

First seen:

2026-06-02 06:41:30 UTC

File Type:

Text (Shell)

AV detection:

14 of 36 (38.89%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=r5kznkusv6ywlbcrta53rqavfhuxvvn45ekrhxh7dzwzgf5p7sgq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260609-gqq2asd15r/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/8f5596aa92afb1658451983bb8c01529e97ad5bce91513dcff1e6d9317affc8d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 8f5596aa92afb1658451983bb8c01529e97ad5bce91513dcff1e6d9317affc8d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3861372/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample