MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b34241006b130412756e834250f2f73da11f895183040618e030b50b5951da9a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

AMOS

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	b34241006b130412756e834250f2f73da11f895183040618e030b50b5951da9a
SHA3-384 hash:	0f1cb451ec5026fd1fef22ce1b75633f74f66a8ef374be415c399a046fcf6fcbb7a4bfec2b06ea90d3baecd97ca623f4
SHA1 hash:	4be451826ff82123cfcef0cad87903bdf1ae0bbb
MD5 hash:	6a24e208c3bf580408cf34b12531a5fe
humanhash:	thirteen-potato-zulu-chicken
File name:	hbjo8tc0uv.sh
Download:	download sample
Signature	AMOS Create hunting rule
File size:	162 bytes
First seen:	2025-10-27 13:55:46 UTC
Last seen:	2025-10-28 05:48:14 UTC
File type:	sh
MIME type:	text/plain
ssdeep	3:WFBIx8sv3uy9Fb+dNMft9FXOAzLeeymHgmQmk0QQHFxaFOd6HhC:/9vrbsMfbFLebpZnoxa0
TLSH	T178C08CC2863CD471523D0E4EF290E0F4AE4658240BB078A1D805CA8020244B80C0F73C
Magika	shell
Reporter	abuse_ch
Tags:	AMOS sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
https://715.relocatejacket.com/apps.bin	n/a	n/a	n/a

Intelligence

File Origin

# of uploads :

2

# of downloads :

141

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Unknown

File Type:

text

Link:

https://opentip.kaspersky.com/b34241006b130412756e834250f2f73da11f895183040618e030b50b5951da9a/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/fba1c723-caf6-4cbc-9d29-04f1a0737820

Behavior Graph:

Score:

7%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/b34241006b130412756e834250f2f73da11f895183040618e030b50b5951da9a

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b34241006b130412756e834250f2f73da11f895183040618e030b50b5951da9a/

Threat name:

Linux.Downloader.Amos

Status:

Malicious

First seen:

2025-10-27 13:56:37 UTC

File Type:

Text (Shell)

AV detection:

7 of 38 (18.42%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=wnbecadlcmcbe5loqnbfb4xxhwqr7ckrqmcamghagc2qwwkr3kna._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/251027-q8lc7sxmaw/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/b34241006b130412756e834250f2f73da11f895183040618e030b50b5951da9a

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh b34241006b130412756e834250f2f73da11f895183040618e030b50b5951da9a

(this sample)

macho 7a8fc48ce4df4448b91a1e6b66410cca6993ac072cb12860b9cfa6438b25ed8e

URLhaus

https://urlhaus.abuse.ch/url/3688668/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3688675/

Dropping

MD5 4e054db5ce4e7c2227fe1ea892b90076

Dropping

SHA256 7a8fc48ce4df4448b91a1e6b66410cca6993ac072cb12860b9cfa6438b25ed8e

URLhaus

https://urlhaus.abuse.ch/url/3688677/

URLhaus

https://urlhaus.abuse.ch/url/3688693/

URLhaus

https://urlhaus.abuse.ch/url/3688695/

URLhaus

https://urlhaus.abuse.ch/url/3688704/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample