MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdec7d984271432108939a6364481bc52065ae266ff692169951838c178af10f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: bdec7d984271432108939a6364481bc52065ae266ff692169951838c178af10f
SHA3-384 hash: ea53c12b7885be3bbd8e1f8c2f0e9c645082a4c87d1e5381b41c70e1fc3ca5603d55832228dc1731569a5b8158b9c91c
SHA1 hash: b6d4ecc1b308b53e2dd24e47f9d1957d958e1613
MD5 hash: 35361da2020078c5f766cfb9cc0a4b54
humanhash: uncle-mockingbird-spaghetti-one
File name: bdec7d984271432108939a6364481bc52065ae266ff692169951838c178af10f.sh
File size: 1'508 bytes
First seen: 2026-02-22 13:18:26 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:cniRHRURCxO0tbmN2M1sLobHxlc9HHE/XDCol3H/+5oXDCol3HVeN:cniRxuGRys01lwnE/+ol3m5o+ol3s
TLSH: T1B03103B035F188332AA06A40F3732B6A7BB2984744E3218C75EE1A355F87B02B5FF411
Magika: xml
Reporter: abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://31.57.112.130/a7le0 | n/a | n/a | n/a
http://217.12.199.67/avtech.sh | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 14
Origin country: DE
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2508) -> execve -> /tmp/sample.bin (pid=2515)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh bdec7d984271432108939a6364481bc52065ae266ff692169951838c178af10f (this sample)

Delivery method: Distributed via web download

Comments