MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205
SHA3-384 hash: 5b20106ca9209ad051a6dc3e41e6577dbe8c943a68b5d7064da4602b929b33f8cc873d06485cacbe499dec6c9502cb65
SHA1 hash: da189d1b0b28014af3577638b034624073b29633
MD5 hash: ec5e7dec92f5d8a51f6dd2157e49999f
humanhash: equal-nebraska-pasta-december
File name:99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205.sh
Download: download sample
File size:11'052 bytes
First seen:2026-02-22 13:18:51 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 96:cCu4B6csht+O+v1fsn+h4+tIiKqC1yOysuKNpUj4waYvjHUVTuzXlITPioVRJAs:cCuk6p4hvZ5mrFoKNpivbUVazXlITPVP
TLSH T1C532663B11F08B32D3C460D952A65A610E72AB0B452614F5F4FEA72AAF2C90335E7F71
Magika xml
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://130.12.180.20:36695/cat.sh40bec1ee86a5ba5ed620bbe546b09d072481d71356ba2025974c08a0e3f3fb0c Miraigeofenced mirai sh ua-wget USA
http://194.69.203.32:81/hiddenbin/dvr1.shn/an/ageofenced opendir sh ua-wget USA

Intelligence

File Origin
# of uploads :
1
# of downloads :
9
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/699b02ab97feb4afd651d934/reports/a16b0390-cfc6-4214-8cd1-503bedc84581/overview
Verdict:
Unknown
File Type:
text
Link:
https://opentip.kaspersky.com/99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/f63604fb-bbd1-4c5b-8c63-abe547364c1f
Behavior Graph:
Download SVG
%3 guuid=8a83f1eb-1b00-0000-6952-1a4c1a0c0000 pid=3098 /usr/bin/sudo guuid=744258ee-1b00-0000-6952-1a4c1f0c0000 pid=3103 /tmp/sample.bin guuid=8a83f1eb-1b00-0000-6952-1a4c1a0c0000 pid=3098->guuid=744258ee-1b00-0000-6952-1a4c1f0c0000 pid=3103 execve
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205/
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-22 13:21:23 UTC
File Type:
Text (HTML)
AV detection:
4 of 38 (10.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ters4ardy4oc53zax6ska4esahzf2twvrued6i7hpnyzw5qxeicq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260222-qkwh9sds9h/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205

(this sample)

Mirai

elf afd23239ac37840687f51cdc8cc0e5c1ab0f62bfcc861427a092bd21e07d8dee

Mirai

sh 40bec1ee86a5ba5ed620bbe546b09d072481d71356ba2025974c08a0e3f3fb0c

  
URLhaus
https://urlhaus.abuse.ch/url/3783241/
  
Delivery method
Distributed via web download
  
Dropping
MD5 6127b5deaa894bb3ee1ff144fa36c945
  
Dropping
SHA256 40bec1ee86a5ba5ed620bbe546b09d072481d71356ba2025974c08a0e3f3fb0c

Comments