MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a4db924fa5418bdcbd22114b0bdba489b40569c4bcc256b99bcae874d8dcfbec. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat: unknown
Vendor detections: 5


SHA256 hash: a4db924fa5418bdcbd22114b0bdba489b40569c4bcc256b99bcae874d8dcfbec
SHA3-384 hash: ab92a5b12c6395242ea9e76ab58ab9ae7b88175ae803e1117ee3ce0eaa57d13e19786d401a225304f5996a731c8a236c
SHA1 hash: cf4f50d82c42d466f8dec2e6c0902f35ec17b115
MD5 hash: 9370d725ca8b004ebcf2f23c0f73d473
humanhash: bakerloo-east-mississippi-thirteen
File name: tftp.sh
File size: 1,693 bytes
First seen: 2025-09-03 04:18:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:sp6CZEyf6hyp69By367pynx6fkQyrL6ZLy96aNAyz6Ry369ZxyWJh86eGyRt65f:A646869S67Y68N6Zq6ab6+6xJh86eb65
TLSH: T1D2319E9055A20971EDA994CB3B4A8C59386768FD0EC7CF7124DC32F2A1ADC40B852357
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox evasive
Status: terminated
Behavior Graph (process tree recovered from the graph export; each edge is labelled with the syscall the sandbox recorded, and busybox nodes are annotated with the network send they produced):
pid 2289 /usr/bin/sudo
  execve -> pid 2293 /tmp/sample.bin
    execve -> pid 2295 /usr/bin/rm
    execve -> pid 2297 /usr/bin/busybox send-data  -> 77.83.240.93:69, send 300 B
    execve -> pid 3987 /usr/bin/chmod
    clone  -> pid 3989 /usr/bin/dash
    execve -> pid 3990 /usr/bin/rm
    execve -> pid 3992 /usr/bin/busybox send-data  -> 77.83.240.93:69, send 324 B
    execve -> pid 5226 /usr/bin/chmod
    clone  -> pid 5227 /usr/bin/dash
    execve -> pid 5228 /usr/bin/rm
    execve -> pid 5229 /usr/bin/busybox send-data  -> 77.83.240.93:69, send 300 B
    execve -> pid 5262 /usr/bin/chmod
    clone  -> pid 5263 /usr/bin/dash
    execve -> pid 5264 /usr/bin/rm
    execve -> pid 5265 /usr/bin/busybox send-data  -> 77.83.240.93:69, send 324 B
    execve -> pid 5266 /usr/bin/chmod
    clone  -> pid 5267 /usr/bin/dash
    execve -> pid 5268 /usr/bin/rm
    execve -> pid 5269 /usr/bin/busybox send-data  -> 77.83.240.93:69, send 270 B
Network: the only outbound contact is from /usr/bin/busybox to 77.83.240.93 port 69 (the TFTP port, consistent with the file name tftp.sh); five sends totalling 1,518 bytes. The rm / busybox / chmod / dash sequence repeats five times, which is the loop shape of a script that retries a fetch, marks the result executable and runs it.
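The sandbox exports the behaviour graph as a flat Graphviz-style token stream: node declarations `guuid=<id> pid=<n> <path> [args]`, process edges `guuid=A pid=n->guuid=B pid=m execve|clone`, one network node `<uuid> <ip>:<port>`, and send edges `guuid=A pid=n-><uuid> send: <N>B`. The Python below is an added example, not code from MalwareBazaar or the sandbox vendor: it parses such a dump into a process tree and an IOC list with bytes sent per destination. The embedded input is this sample's graph trimmed to its first loop iteration plus the two matching send edges (same format, fewer repetitions); the port-to-service table is the example's own assumption and maps only port 69.

```python
import re
from collections import Counter, defaultdict

# Constructed input: this sample's behaviour-graph token stream, trimmed to the
# first rm/busybox/chmod/dash iteration and the two "send" edges that belong to it.
GRAPH_DUMP = """%3 guuid=d86d444e-1a00-0000-cc30-1b16f1080000 pid=2289 /usr/bin/sudo
guuid=e79b1e50-1a00-0000-cc30-1b16f5080000 pid=2293 /tmp/sample.bin
guuid=d86d444e-1a00-0000-cc30-1b16f1080000 pid=2289->guuid=e79b1e50-1a00-0000-cc30-1b16f5080000 pid=2293 execve
guuid=ae1c6450-1a00-0000-cc30-1b16f7080000 pid=2295 /usr/bin/rm
guuid=e79b1e50-1a00-0000-cc30-1b16f5080000 pid=2293->guuid=ae1c6450-1a00-0000-cc30-1b16f7080000 pid=2295 execve
guuid=2a92d550-1a00-0000-cc30-1b16f9080000 pid=2297 /usr/bin/busybox send-data
guuid=e79b1e50-1a00-0000-cc30-1b16f5080000 pid=2293->guuid=2a92d550-1a00-0000-cc30-1b16f9080000 pid=2297 execve
guuid=37dfa053-1d00-0000-cc30-1b16930f0000 pid=3987 /usr/bin/chmod
guuid=e79b1e50-1a00-0000-cc30-1b16f5080000 pid=2293->guuid=37dfa053-1d00-0000-cc30-1b16930f0000 pid=3987 execve
guuid=5949ed53-1d00-0000-cc30-1b16950f0000 pid=3989 /usr/bin/dash
guuid=e79b1e50-1a00-0000-cc30-1b16f5080000 pid=2293->guuid=5949ed53-1d00-0000-cc30-1b16950f0000 pid=3989 clone
guuid=14025a54-1d00-0000-cc30-1b16980f0000 pid=3992 /usr/bin/busybox send-data
guuid=e79b1e50-1a00-0000-cc30-1b16f5080000 pid=2293->guuid=14025a54-1d00-0000-cc30-1b16980f0000 pid=3992 execve
52f7e4a8-33bd-535d-9713-083567eabebc 77.83.240.93:69
guuid=2a92d550-1a00-0000-cc30-1b16f9080000 pid=2297->52f7e4a8-33bd-535d-9713-083567eabebc send: 300B
guuid=14025a54-1d00-0000-cc30-1b16980f0000 pid=3992->52f7e4a8-33bd-535d-9713-083567eabebc send: 324B"""

UUID = r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}"
# Process node: the command runs until the next token that opens another node or edge.
PROC_NODE = re.compile(rf"guuid=(?P<g>{UUID}) pid=(?P<pid>\d+) (?P<cmd>/\S+(?: (?!guuid=)(?!{UUID} )\S+)*)")
# Process edge: parent -> child, labelled with the syscall that created the child.
PROC_EDGE = re.compile(rf"guuid=(?P<src>{UUID}) pid=\d+->guuid=(?P<dst>{UUID}) pid=\d+ (?P<rel>execve|clone)")
# Network node: bare uuid followed by ip:port.
NET_NODE = re.compile(rf"\b(?P<g>{UUID}) (?P<ip>\d{{1,3}}(?:\.\d{{1,3}}){{3}}):(?P<port>\d+)")
# Send edge: process -> network node, with the byte count.
NET_EDGE = re.compile(rf"guuid=(?P<src>{UUID}) pid=\d+->(?P<dst>{UUID}) send: (?P<bytes>\d+)B")

# Assumption for this example: only the port this sample talks to is mapped.
SERVICE_BY_PORT = {69: "tftp"}


def parse_behaviour_graph(dump):
    """Turn the flat token stream into {procs, hosts, sends}; newlines in the dump are irrelevant."""
    text = " ".join(dump.split())
    procs = {m["g"]: {"pid": int(m["pid"]), "cmd": m["cmd"], "children": []}
             for m in PROC_NODE.finditer(text)}
    hosts = {m["g"]: (m["ip"], int(m["port"])) for m in NET_NODE.finditer(text)}
    for m in PROC_EDGE.finditer(text):
        procs[m["src"]]["children"].append((m["rel"], m["dst"]))
    sends = defaultdict(int)
    for m in NET_EDGE.finditer(text):
        sends[(m["src"], m["dst"])] += int(m["bytes"])
    return {"procs": procs, "hosts": hosts, "sends": dict(sends)}


def network_iocs(graph):
    """Bytes sent per (command, ip, port), the list an analyst would export as IOCs."""
    totals = defaultdict(int)
    for (src, dst), nbytes in graph["sends"].items():
        ip, port = graph["hosts"][dst]
        totals[(graph["procs"][src]["cmd"], ip, port)] += nbytes
    return sorted((cmd, ip, port, SERVICE_BY_PORT.get(port, "unknown"), nbytes)
                  for (cmd, ip, port), nbytes in totals.items())


def command_counts(graph):
    """How often each command was spawned; repeated busybox/chmod/dash hints at a retry loop."""
    return Counter(p["cmd"] for p in graph["procs"].values())


def render_tree(graph, node=None, depth=0, rel="root"):
    """Indented process tree; roots are nodes that no edge points at."""
    procs = graph["procs"]
    if node is None:
        spawned = {dst for p in procs.values() for _, dst in p["children"]}
        return "\n".join(render_tree(graph, g) for g in procs if g not in spawned)
    p = procs[node]
    lines = [f"{'  ' * depth}{rel:<6} pid={p['pid']} {p['cmd']}"]
    for child_rel, child in p["children"]:
        lines.append(render_tree(graph, child, depth + 1, child_rel))
    return "\n".join(lines)


if __name__ == "__main__":
    g = parse_behaviour_graph(GRAPH_DUMP)
    print(render_tree(g))
    for cmd, ip, port, svc, nbytes in network_iocs(g):
        print(f"{cmd} -> {ip}:{port} ({svc}) {nbytes} bytes")
```

Running it on the full graph from the page instead of the trimmed input gives the same single destination with five sends and 1,518 bytes; the parser keys on the token shapes, not on the number of repetitions, so any sandbox export in this layout can be fed in unchanged.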
Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2025-09-03 04:05:34 UTC
File Type: Text (Shell)
AV detection: 6 of 24 (25.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
(These three entries are Windows-sandbox signatures reported against a shell script; they do not describe anything a sh script does and should not be used as indicators for this sample.)
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Web download: sh a4db924fa5418bdcbd22114b0bdba489b40569c4bcc256b99bcae874d8dcfbec (this sample)

Comments