MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb5acc3bacf046bc094492b9435737bf1713f445a9b3c18fc22c94babef63f99. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb5acc3bacf046bc094492b9435737bf1713f445a9b3c18fc22c94babef63f99
SHA3-384 hash: 39f319edd014fe64d1af326560c162f4986dcb9de9080933c04fb89350cdf3e5b22d840a0294461ef5eb8a8cb264b1c6
SHA1 hash: 3ff4c646e5a7ef4ebd6bdd2fa9e36bf7278193c0
MD5 hash: 96af1e488dd634edd3032308f3ab96fd
humanhash: pizza-wyoming-triple-cup
File name:l
Download: download sample
File size:186 bytes
First seen:2026-05-16 16:26:29 UTC
Last seen:2026-05-17 05:47:14 UTC
File type: sh
MIME type:text/plain
ssdeep 3:QnQza1KKjvBffnxEUnTSpDK547/1N0WzOdNN0qXTWOtFIrfft:lOAKjxo/UkqqO2
TLSH T197C0805B0CD104F86C9C19D6F51100506D5AE1EB5451978FA04CF495C4EDC2CF16B553
Magika batch
Reporter BlinkzSec
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://85.11.167.89/bot_mipseln/an/a85-11-167-89 ua-wget

Intelligence

File Origin
# of uploads :
371
# of downloads :
4
Origin country :
ES ES
Vendor Threat Intelligence
No detections
Result
Gathering data
Verdict:
Malicious
File Type:
text
First seen:
2026-05-16T14:16:00Z UTC
Last seen:
2026-05-16T14:35:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/bb5acc3bacf046bc094492b9435737bf1713f445a9b3c18fc22c94babef63f99/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/7cae4ccb-287d-4054-9256-42990d2a8e7c
Behavior Graph:
Download SVG
%3 guuid=4c35070e-1b00-0000-fcbc-5b09f8090000 pid=2552 /usr/bin/sudo guuid=33daa210-1b00-0000-fcbc-5b09ff090000 pid=2559 /tmp/sample.bin guuid=4c35070e-1b00-0000-fcbc-5b09f8090000 pid=2552->guuid=33daa210-1b00-0000-fcbc-5b09ff090000 pid=2559 execve guuid=756afb10-1b00-0000-fcbc-5b09000a0000 pid=2560 /usr/bin/rm guuid=33daa210-1b00-0000-fcbc-5b09ff090000 pid=2559->guuid=756afb10-1b00-0000-fcbc-5b09000a0000 pid=2560 execve guuid=79727311-1b00-0000-fcbc-5b09020a0000 pid=2562 /usr/bin/wget guuid=33daa210-1b00-0000-fcbc-5b09ff090000 pid=2559->guuid=79727311-1b00-0000-fcbc-5b09020a0000 pid=2562 execve
Score:
98%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/bb5acc3bacf046bc094492b9435737bf1713f445a9b3c18fc22c94babef63f99
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xnnmyo5m6bdlyckesk4ugvzxx4lrh5cfvgz4dd6cfsklvpxwh6mq._file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh bb5acc3bacf046bc094492b9435737bf1713f445a9b3c18fc22c94babef63f99

(this sample)

elf f66c76fc096a578444410174ac5bffa1e6dd43f8dfd284bb1a57d53eb6967f11

  
URLhaus
https://urlhaus.abuse.ch/url/3847874/
  
Delivery method
Distributed via web download
  
Dropping
MD5 35b6aca6f75360b78c6d4946aab01483
  
Dropping
SHA256 f66c76fc096a578444410174ac5bffa1e6dd43f8dfd284bb1a57d53eb6967f11

Comments