MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b01cd96e5f4399a616968ee1b551c58ba914d238531ce570f99491c2e5e7963e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Ngioweb


Vendor detections: 6



SHA256 hash: b01cd96e5f4399a616968ee1b551c58ba914d238531ce570f99491c2e5e7963e
SHA3-384 hash: dbefe38ce6ceb84dfbf36baa497cbb7a46cc5642f1300e314fbd2c65e7366bdd61bcf31a11d18675eccc97f12f6f6864
SHA1 hash: 736eecb3c931ddf5e3cbc17f6c784707f8d7dc42
MD5 hash: 0df5496a28af4eb2fc9763521e5d41f9
humanhash: east-finch-mississippi-mountain
File name: dvr.jaws.sh
Signature: Ngioweb
File size: 776 bytes
First seen: 2025-11-12 23:56:01 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:FsOFgUsOagUsOfgUsOZgUsOEgUsOBgUsOvmgUsO4mgJ:F7FH7aH7fH7ZH7EH7BH7eH77s
TLSH T19A01009E31707121C468CFC5745DCA386506C3D36599AF15928D5832AECFB0B7267F4E
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive masquerade mirai
Verdict: Malicious
File Type: text
First seen: 2025-11-12T21:15:00Z UTC
Last seen: 2025-11-12T21:46:00Z UTC
Hits: ~10
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2025-11-12 23:56:31 UTC
File Type: Text (Shell)
AV detection: 14 of 37 (37.84%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Ngioweb

sh b01cd96e5f4399a616968ee1b551c58ba914d238531ce570f99491c2e5e7963e

(this sample)

  
Delivery method: Distributed via web download

Comments