MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd46906d64f2f7999dcf0e1f6620e27e53480cc6a4baf2770dcd4c67527c3246. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: bd46906d64f2f7999dcf0e1f6620e27e53480cc6a4baf2770dcd4c67527c3246
SHA3-384 hash: df948c522de1956240e4f9a17aa7017f9c95c3d908284e43150a64620ded653765eb94ef75244881b229bc0ffdbfac3a
SHA1 hash: 37614f0c60b2d5d3def122c5dd4416b3be1ab44c
MD5 hash: 8cf588b798abac7028a4eea66ec4e03f
humanhash: zebra-network-florida-pluto
File name: bd46906d64f2f7999dcf0e1f6620e27e53480cc6a4baf2770dcd4c67527c3246.sh
File size: 10'474 bytes
First seen: 2026-02-22 13:21:13 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 96:cRu4sjOUw5v+lkab1P14XsrGhtojq55+Whm6Q6fu6fX6fC2d0:cRuVWhh5
TLSH: T108226E7025F04C732E316580F3772BA6ABB7A85749A3318C35DE1E265F87B42A5BF412
Magika: xml
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://185.225.74.161/ah | n/a | n/a | n/a
http://58.152.186.135:880/d.sh | n/a | n/a | n/a
http://196.189.96.138:81/hiddenbin/dvr1.sh | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Result
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2657) -> execve -> /tmp/sample.bin (pid 2667)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh bd46906d64f2f7999dcf0e1f6620e27e53480cc6a4baf2770dcd4c67527c3246

(this sample)

  
Delivery method
Distributed via web download
