MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa661cd6457e783a30a4be81b281af73228a93f5ca23d1ec2639237f4599e4fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: aa661cd6457e783a30a4be81b281af73228a93f5ca23d1ec2639237f4599e4fe
SHA3-384 hash: b7d9c09f54dc9f39090b0a59af89c4b37b06c58fd00374550b6f63047255c43b7545f9a5753b72e0903cd3a39d996a67
SHA1 hash: d8fbd81937fcc2f96b447d610fcf3341d786744b
MD5 hash: e94486d96c822589ddafd85e4606d386
humanhash: magazine-fillet-bravo-maryland
File name: aa661cd6457e783a30a4be81b281af73228a93f5ca23d1ec2639237f4599e4fe.sh
File size: 2'217 bytes
First seen: 2026-02-22 13:21:33 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:cniRxuGRys0/iPdFHPwWYclwnECPZmDl27lwnp6Elwns:cWu4SioVdZqzQs
TLSH: T1D441AB7450F14D732A586440B6B32B856F73CA13415322D875EE4E6A5F8AB0266AF821
Magika: xml
Reporter: abuse_ch
Tags: sh

URL: http://130.12.180.20:36695/cat.sh
Malware sample (SHA256 hash): 40bec1ee86a5ba5ed620bbe546b09d072481d71356ba2025974c08a0e3f3fb0c
Signature: Mirai
Tags: geofenced mirai sh ua-wget USA

URL: http://60.250.143.121:880/l
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 44
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Result
Gathering data
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2734) -> execve -> /tmp/sample.bin (pid 2741)
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh aa661cd6457e783a30a4be81b281af73228a93f5ca23d1ec2639237f4599e4fe (this sample)

Delivery method: Distributed via web download
