MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b2ea28f14feaf432bf830399cf98469708992ff025503f67053d561cd20c2bf6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b2ea28f14feaf432bf830399cf98469708992ff025503f67053d561cd20c2bf6
SHA3-384 hash: 0ca1abe9e9827e19b87dad500fa9b3417e73f1cc26e03177e3f2e3912f09dd28197f41bd6319f53fc7147b86cb5c73fc
SHA1 hash: 9ff30575ba1d027ba8b2c88e214cd8ce1122ab5b
MD5 hash: f0ef83d20e729fd589b6747c7deed0f7
humanhash: twelve-cardinal-india-kilo
File name:b2ea28f14feaf432bf830399cf98469708992ff025503f67053d561cd20c2bf6.sh
Download: download sample
File size:14'652 bytes
First seen:2026-02-22 13:20:37 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 192:cCu/K6nC4hvZ5mzj7V7jiDDDM79E44+Tt:+C4hvZ5mzjB7joDg79E4J
TLSH T1AF626B7621F08A335B9465C4A33717915FB2A61744A720E8F4FE1E359F5AB03B0FBA21
Magika xml
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://38.6.178.140/easy.shn/an/an/a
http://38.6.178.140/easy_cloud.shn/an/an/a
http://38.6.178.140/sh/easy_av_curl.shn/an/an/a
http://109.205.213.2/download.shn/an/abash curl elf mirai Mozi sh wget
http://194.156.102.210/bins/bins.shn/an/aascii bash sh ua-wget
http://2.192.102.162:81/bins/bins.shn/an/aascii bash sh ua-wget
http://hxipzknrsojnitzv.zip/bins/bins.sh652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975 Miraibotnetdomain mirai opendir sh

Intelligence

File Origin
# of uploads :
1
# of downloads :
48
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/699b040497feb4afd651daf9/reports/417ecf6f-9981-4c04-aa9e-a3152bbf4aae/overview
Verdict:
Malicious
File Type:
text
Link:
https://opentip.kaspersky.com/b2ea28f14feaf432bf830399cf98469708992ff025503f67053d561cd20c2bf6/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/acba86e0-77d0-4e2f-b7fb-d6ae3a68007d
Behavior Graph:
Download SVG
%3 guuid=08d9ab03-2200-0000-5bd4-e0a93e0d0000 pid=3390 /usr/bin/sudo guuid=94950706-2200-0000-5bd4-e0a9460d0000 pid=3398 /tmp/sample.bin guuid=08d9ab03-2200-0000-5bd4-e0a93e0d0000 pid=3390->guuid=94950706-2200-0000-5bd4-e0a9460d0000 pid=3398 execve
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/b2ea28f14feaf432bf830399cf98469708992ff025503f67053d561cd20c2bf6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b2ea28f14feaf432bf830399cf98469708992ff025503f67053d561cd20c2bf6/
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-22 13:27:25 UTC
File Type:
Text (HTML)
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wlvcr4kp5l2dfp4daom47gcgs4ejsl7qevid6zyfhvlbzuqmfp3a._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260222-qm6r1sdw5c/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh b2ea28f14feaf432bf830399cf98469708992ff025503f67053d561cd20c2bf6

(this sample)

Mirai

sh 652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975

  
URLhaus
https://urlhaus.abuse.ch/url/3783365/
  
Delivery method
Distributed via web download
  
Dropping
MD5 b8264a3c5d5897320cf7549c149e0052
  
Dropping
SHA256 652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975

Comments