MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2ec21c77fc0ad318efadc8a5accd1d0ed42ccc46b02a15f12a75b11c2ab8aae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: a2ec21c77fc0ad318efadc8a5accd1d0ed42ccc46b02a15f12a75b11c2ab8aae
SHA3-384 hash: e0f0505862ddaed46cd7e42a9a399000e5b637ec6efcbabf30afc98597b1d5663a1d84340f8f9e56a3dc45cfdf00ca1f
SHA1 hash: bad379473efbe31a128f2be2afade4b6f0114167
MD5 hash: e95d6050431b86c0639fd10b0f5a2457
humanhash: minnesota-quebec-december-potato
File name: a2ec21c77fc0ad318efadc8a5accd1d0ed42ccc46b02a15f12a75b11c2ab8aae.sh
File size: 15'721 bytes
First seen: 2026-02-22 13:20:54 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 96:cCuolB6Lsht+O+v1fsn+h4+tIiKkC1ymyRyzuKNpUj4waYvjJlVv38Zo8zJwD6fW:cCua6S4hvZ5mN9i/KNpiv2ZkvsMQ+Vd
TLSH: T17562563721F04B3297D415C8A3671BA54F76A60B456724B8F4BE5B399F1DA0370EBB20
Magika: xml
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://185.132.125.229/av.sh | n/a | n/a | n/a
http://194.156.102.210/bins/bins.sh | n/a | n/a | n/a
http://182.234.183.31:880/l | n/a | n/a | n/a
http://196.189.96.138:81/hiddenbin/dvr1.sh | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive zero-day
Result
Gathering data
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2645) --execve--> /tmp/sample.bin (pid=2651)
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh a2ec21c77fc0ad318efadc8a5accd1d0ed42ccc46b02a15f12a75b11c2ab8aae (this sample)

Delivery method: Distributed via web download
