MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 9d6d9ee96034ec7ebe1b191dae0ae84916e9cf783bb21a026a9b9ba859d8f76b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | 9d6d9ee96034ec7ebe1b191dae0ae84916e9cf783bb21a026a9b9ba859d8f76b |
|---|---|
| SHA3-384 hash: | 3a76aae79f79192dc3c5542e1e2ceb7211c9b109ea00ec291f1f5283515268fc61931aaef12b3b67f5f094c827159b0a |
| SHA1 hash: | 391ec399f3ef5d9124e9f7f6dd48dda2d11b72d9 |
| MD5 hash: | 0b49f539b834dd3bc6b612b710aab722 |
| humanhash: | failed-one-tango-three |
| File name: | 9d6d9ee96034ec7ebe1b191dae0ae84916e9cf783bb21a026a9b9ba859d8f76b.sh |
| Download: | download sample |
| File size: | 12'355 bytes |
| First seen: | 2026-02-27 13:44:43 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 96:cCu3k0B6n7sht+O+v1fsn+h4+tIicqbA/GsGCuKNppjrwaaIBRIB0IBT7IBbJYJN:cCu0g6nC4hvZ5mzjqKNp02LG7hxm+T |
| TLSH | T1DB42357721F08B3297C055C8A2771B614F72970B456714B8F4BE5B2A9F2DA0370EBB61 |
| Magika | xml |
| Reporter | |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://38.6.178.140/easy_pass.sh | n/a | n/a | n/a |
| http://38.6.178.140/easy_cloud.sh | n/a | n/a | n/a |
| http://38.6.178.140/easy_lan.sh | n/a | n/a | n/a |
| http://109.205.213.2/download.sh | n/a | n/a | n/a |
| http://194.156.102.210/bins/bins.sh | n/a | n/a | n/a |
| http://116.129.7.63:81/hiddenbin/dvr1.sh | n/a | n/a | n/a |
Intelligence
File Origin
# of uploads :
1
# of downloads :
66
Origin country :
DEVendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
evasive
Result
Gathering data
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Threat name:
Script-Shell.Trojan.Heuristic
Status:
Malicious
First seen:
2026-02-27 13:45:50 UTC
File Type:
Text (HTML)
AV detection:
3 of 36 (8.33%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 9d6d9ee96034ec7ebe1b191dae0ae84916e9cf783bb21a026a9b9ba859d8f76b
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.