MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | 99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205 |
|---|---|
| SHA3-384 hash: | 5b20106ca9209ad051a6dc3e41e6577dbe8c943a68b5d7064da4602b929b33f8cc873d06485cacbe499dec6c9502cb65 |
| SHA1 hash: | da189d1b0b28014af3577638b034624073b29633 |
| MD5 hash: | ec5e7dec92f5d8a51f6dd2157e49999f |
| humanhash: | equal-nebraska-pasta-december |
| File name: | 99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205.sh |
| Download: | download sample |
| File size: | 11'052 bytes |
| First seen: | 2026-02-22 13:18:51 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 96:cCu4B6csht+O+v1fsn+h4+tIiKqC1yOysuKNpUj4waYvjHUVTuzXlITPioVRJAs:cCuk6p4hvZ5mrFoKNpivbUVazXlITPVP |
| TLSH | T1C532663B11F08B32D3C460D952A65A610E72AB0B452614F5F4FEA72AAF2C90335E7F71 |
| Magika | xml |
| Reporter | |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://130.12.180.20:36695/cat.sh | 40bec1ee86a5ba5ed620bbe546b09d072481d71356ba2025974c08a0e3f3fb0c | Mirai | geofenced mirai sh ua-wget USA |
| http://194.69.203.32:81/hiddenbin/dvr1.sh | n/a | n/a | geofenced opendir sh ua-wget USA |
Intelligence
File Origin
# of uploads :
1
# of downloads :
9
Origin country :
DEVendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
busybox evasive
Verdict:
Unknown
File Type:
text
Status:
terminated
Behavior Graph:
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Threat name:
Text.Trojan.Generic
Status:
Suspicious
First seen:
2026-02-22 13:21:23 UTC
File Type:
Text (HTML)
AV detection:
4 of 38 (10.53%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 99232e0223c71c2eef20bfa4a0709201f25d4ed58d083f23e77b719b76172205
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.