MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c299c69b4b36e7201e7be9a10cab2408d3ce770bbca740c83f2f378652dd573f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: c299c69b4b36e7201e7be9a10cab2408d3ce770bbca740c83f2f378652dd573f
SHA3-384 hash: 6ec37508cf5a948ce12b818baa80847d0654fb879cfe963bc5bfcbfa94f8ca4fcb410bf1bf3f2f747d64141fe8a69647
SHA1 hash: fbe0e8f258112e90f265738df83aff10cbd35621
MD5 hash: 33204a626b72377e18b3cc82edb8c1d6
humanhash: romeo-oranges-west-fish
File name: c299c69b4b36e7201e7be9a10cab2408d3ce770bbca740c83f2f378652dd573f.sh
File size: 12'942 bytes
First seen: 2026-02-22 13:19:23 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 96:cCuO7sht+O+v1fsn+h4+tIicqbA/GsGCuKNppjrwauZow6fS6f16fK6fz6fOAAZ5:cCuOC4hvZ5mzjqKNpan6S
TLSH T12C427A3721F04B72D7D025C8A2661BA14F72A70B496714B4F4BE57399F2DA0374EBB21
Magika xml
Reporter abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://5.16.162.140:81/hiddenbin/dvr1.sh | n/a | n/a | elf ua-wget
http://hxipzknrsojnitzv.zip/bins/bins.sh | 652285d260515c08cfe146ebdd2f5a4977ec490a608c57007abcb5b6f4fd4975 | Mirai | botnetdomain mirai opendir sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 21
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 3492) -> execve -> /tmp/sample.bin (pid 3493)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh c299c69b4b36e7201e7be9a10cab2408d3ce770bbca740c83f2f378652dd573f

(this sample)

  
Delivery method
Distributed via web download

Comments