MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ab3b01abbe49ea654f946e3c5a50e6ee996a2e4d8fdabf91146a788db9949245. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: ab3b01abbe49ea654f946e3c5a50e6ee996a2e4d8fdabf91146a788db9949245
SHA3-384 hash: 0811c14586806e0dc19a848e3d0d7c75011a499681a689ffd462b21d55ada2e05e97e4d4631dbec5a9adfb86a8b42254
SHA1 hash: da541e1681b05c9819b7f6276ee4e1c9c83001e1
MD5 hash: db05bff8cb2e3d3a6fdecf63a4606512
humanhash: fanta-minnesota-venus-kilo
File name: ab3b01abbe49ea654f946e3c5a50e6ee996a2e4d8fdabf91146a788db9949245.sh
File size: 21'872 bytes
First seen: 2026-02-22 13:20:06 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 384:6L4hvZ5mN9oKNpivjF9+gukIFzITNTXG6:6LUiPN8Hvx
TLSH: T12FA27C7620F08A735A9015C4B33317A15F72955745A320B8B4FE2B39AF6AB03B4FF621
Magika: xml
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://196.190.65.223:81/hiddenbin/dvr1.sh | n/a | n/a | elf ua-wget
http://194.69.203.32:81/hiddenbin/dvr1.sh | n/a | n/a | geofenced opendir sh ua-wget USA
http://194.69.203.32:81/hiddenbin/raisecom.sh | n/a | n/a | geofenced opendir sh ua-wget USA
http://196.189.96.138:81/hiddenbin/dvr1.sh | n/a | n/a | n/a
http://hxipzknrsojnitzv.zip/bins/bins.sh | 652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975 | Mirai | botnetdomain mirai opendir sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Result
Gathering data
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2379) -> execve -> /tmp/sample.bin (pid=2384)
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download -> sh ab3b01abbe49ea654f946e3c5a50e6ee996a2e4d8fdabf91146a788db9949245 (this sample) -> faf13e715e1d5c7401a341fab9efca5c1754b22a7bcc8f8405ab8e56dec91190

  
Delivery method: Distributed via web download
Dropping: MD5 bf9c16fbb53cb2e70df36493dea6180d
Dropping: SHA256 faf13e715e1d5c7401a341fab9efca5c1754b22a7bcc8f8405ab8e56dec91190

Comments