MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a76252fb3847bc1eec8ade602e18dce1a8d7fdd46d43ac60d2fb17f0a9c91d9b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a76252fb3847bc1eec8ade602e18dce1a8d7fdd46d43ac60d2fb17f0a9c91d9b
SHA3-384 hash: ee25884fc88bcbedf1b0dccbeb63cfa846368d547b848bd2d55bfbeb85840ee505a17b06cbec3ceaa6f35a18b50bd11b
SHA1 hash: e60b6db81fb4da2705ea2f6fcd650575b54c8a74
MD5 hash: 5d6b1f910815ab128fc6625a1dc92826
humanhash: pluto-stairway-purple-cola
File name:a76252fb3847bc1eec8ade602e18dce1a8d7fdd46d43ac60d2fb17f0a9c91d9b.sh
Download: download sample
File size:12'848 bytes
First seen:2026-02-22 13:19:50 UTC
Last seen:2026-02-23 11:05:38 UTC
File type: sh
MIME type:text/plain
ssdeep 96:cRrqB6uL/7pydbpleU1eUGpE9pNZeUF/eU6inFdLeUndpZdNdVdtdWddd1uPuFum:cRrO6XeweOeke4eF
TLSH T1F342D4B435F14C731E611A40B23727B56BB7945749E3218C39DD2F39AFA6B02A4FE421
Magika xml
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://196.190.65.223:81/hiddenbin/dvr1.shn/an/aelf ua-wget
http://194.69.203.32:81/hiddenbin/dvr1.shn/an/ageofenced opendir sh ua-wget USA
http://194.69.203.32:81/hiddenbin/raisecom.shn/an/ageofenced opendir sh ua-wget USA
http://5.16.162.140:81/hiddenbin/dvr1.shn/an/aelf ua-wget
http://196.189.96.138:81/hiddenbin/dvr1.shn/an/aua-wget

Intelligence

File Origin
# of uploads :
2
# of downloads :
40
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/699b03f697feb4afd651dadf/reports/ca857193-6eaa-4d2a-9379-7b3c0e91dd9a/overview
Verdict:
Clean
File Type:
text
Link:
https://opentip.kaspersky.com/a76252fb3847bc1eec8ade602e18dce1a8d7fdd46d43ac60d2fb17f0a9c91d9b/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/c3a02a61-e2a2-4112-82da-b9a09d02cb79
Behavior Graph:
Download SVG
%3 guuid=2208dea3-1c00-0000-b0dd-174b140a0000 pid=2580 /usr/bin/sudo guuid=9707afa6-1c00-0000-b0dd-174b1d0a0000 pid=2589 /tmp/sample.bin guuid=2208dea3-1c00-0000-b0dd-174b140a0000 pid=2580->guuid=9707afa6-1c00-0000-b0dd-174b1d0a0000 pid=2589 execve
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/a76252fb3847bc1eec8ade602e18dce1a8d7fdd46d43ac60d2fb17f0a9c91d9b
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a76252fb3847bc1eec8ade602e18dce1a8d7fdd46d43ac60d2fb17f0a9c91d9b/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/a76252fb3847bc1eec8ade602e18dce1a8d7fdd46d43ac60d2fb17f0a9c91d9b
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-22 13:26:31 UTC
File Type:
Text (HTML)
AV detection:
5 of 24 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=u5rff6zyi66b53ek3zqc4gg44gunp7ounvb2yygs7ml7bkojdwnq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260222-ql544adv4f/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a76252fb3847bc1eec8ade602e18dce1a8d7fdd46d43ac60d2fb17f0a9c91d9b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh a76252fb3847bc1eec8ade602e18dce1a8d7fdd46d43ac60d2fb17f0a9c91d9b

(this sample)

faf13e715e1d5c7401a341fab9efca5c1754b22a7bcc8f8405ab8e56dec91190

  
URLhaus
https://urlhaus.abuse.ch/url/3783306/
  
Delivery method
Distributed via web download
  
Dropping
MD5 bf9c16fbb53cb2e70df36493dea6180d
  
Dropping
SHA256 faf13e715e1d5c7401a341fab9efca5c1754b22a7bcc8f8405ab8e56dec91190

Comments