MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf527adffd3f8f2c4c96e0815174c97899041243a39cce816909765c859d64ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: bf527adffd3f8f2c4c96e0815174c97899041243a39cce816909765c859d64ce
SHA3-384 hash: 0411d577bf5e6c3874e7efd8f44efc91f31518f5da4161c6cb4c3afcb2393a9dc226a70336edd97446ed8b6fc1eb13c8
SHA1 hash: a815d780195ddcf3ebc1f32eb125d9876f1c1cf3
MD5 hash: b3481213b5ffa7b1b95d591c9b569b2e
humanhash: cold-dakota-romeo-wisconsin
File name: p.sh
Download: download sample
File size: 100 bytes
First seen: 2026-03-27 15:17:31 UTC
Last seen: 2026-03-28 01:26:19 UTC
File type: sh
MIME type: text/plain
ssdeep: 3:zBMXBglIa0lIeP4vSXacweFGBzSEyLTUWLY:tfD0trXbgIc
TLSH: T1FFB012A720307200C30CB4409C3B8A1E6023C3D111741F0C78ED0730CD44400F810E54
Magika: txt
Reporter: BlinkzSec

URL | Malware sample (SHA256 hash) | Signature | Tags
http://147.45.60.206/mipsn/an/aelf ua-wget

Intelligence


File Origin
# of uploads: 2
# of downloads: 54
Origin country: GB
Vendor Threat Intelligence

No detections

Result: Gathering data

Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph (process tree):
  /usr/bin/sudo (pid 3269)
    execve -> /tmp/sample.bin (pid 3275)
      execve -> /usr/bin/mkdir (pid 3277)
      execve -> /usr/bin/rm (pid 3278)
      execve -> /usr/bin/wget (pid 3280) [net, send-data, write-file]; connects to 147.45.60.206:80, send: 132B
      execve -> /usr/bin/chmod (pid 3363)
      clone -> /usr/bin/dash (pid 3365)

Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh bf527adffd3f8f2c4c96e0815174c97899041243a39cce816909765c859d64ce (this sample)

Delivery method: Distributed via web download

Comments