MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a148452aa349d84efccab96b21cca5d74c1179ddf990ffff647310df88069d01. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: a148452aa349d84efccab96b21cca5d74c1179ddf990ffff647310df88069d01
SHA3-384 hash: 038e4fcd854dc6d2b82f5493ef7beb83d456e4a48cac7314387cc1d0c284cdc256d52635b57f1cd9d526e9ad2fe49d90
SHA1 hash: ec15be98aff8aa0c8c73b43e2c75abc2e3d8c679
MD5 hash: 1f782a0eb04c3852316b234703bd8bf0
humanhash: wyoming-lithium-mockingbird-skylark
File name: a148452aa349d84efccab96b21cca5d74c1179ddf990ffff647310df88069d01.sh
File size: 19'374 bytes
First seen: 2026-02-22 13:18:35 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 96:cCuisht+O+v1fsn+h4+tIiKkC1ymysuKNpUj4waYvjH8TitVl4JLRTl7RGdEj87b:cCu34hvZ5mN9oKNpivT8GtNb
TLSH: T194928B7A20F14A33969056E4B3B31B904F739657459321A8F8BD2A365F1DB0374EBB22
Magika: xml
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://78.97.33.45/rvs6 | n/a | n/a | n/a
http://196.190.65.223:81/hiddenbin/dvr1.sh | n/a | n/a | elf ua-wget
http://194.69.203.32:81/hiddenbin/dvr1.sh | n/a | n/a | geofenced opendir sh ua-wget USA
http://196.189.96.138:81/hiddenbin/dvr1.sh | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 6
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive

Result
Gathering data
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2942) -> execve -> /tmp/sample.bin (pid=2947)

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh a148452aa349d84efccab96b21cca5d74c1179ddf990ffff647310df88069d01 (this sample)
faf13e715e1d5c7401a341fab9efca5c1754b22a7bcc8f8405ab8e56dec91190

Delivery method: Distributed via web download
Dropping: MD5 bf9c16fbb53cb2e70df36493dea6180d
Dropping: SHA256 faf13e715e1d5c7401a341fab9efca5c1754b22a7bcc8f8405ab8e56dec91190

Comments