MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c3c5a97e9917175dcd22e388e6f9cc60ab85f90e9d4a57dc0228920e456355d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: c3c5a97e9917175dcd22e388e6f9cc60ab85f90e9d4a57dc0228920e456355d7
SHA3-384 hash: 1dec125c2c96a1682e7b655a66d031115bc64baca8b8e654044df718de486c4c5dcc269ecce6364d6ce3082aee4b2587
SHA1 hash: 1ad0c2415dd4a94a8860071bb3a313d19490ab95
MD5 hash: be8e14cd2b3591f98c8e0c3600dfb5b3
humanhash: beryllium-earth-maryland-batman
File name: o
File size: 91 bytes
First seen: 2025-12-21 09:31:39 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:L6FT7KDQNUCZXLE1aGBzSEyLTUWOevn:L6FTODWloI5v
TLSH: T192B0129730543300C404FC087CB71F9C1053C2C134544A1C69F90231CD681043C80D09
Magika: txt
Reporter: abuse_ch
Tags: sh

URL: http://45.132.180.48/mips
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: elf geofenced mips ua-wget USA

Intelligence


File Origin
# of uploads: 1
# of downloads: 29
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive

Verdict: Malicious
File Type: text
First seen: 2025-12-21T07:43:00Z UTC
Last seen: 2025-12-21T14:41:00Z UTC
Hits: ~10
Status: terminated

Behavior Graph:
pid=3095 /usr/bin/sudo -> pid=3103 /tmp/sample.bin (execve)
pid=3103 /tmp/sample.bin -> pid=3104 /usr/bin/rm (execve)
pid=3103 /tmp/sample.bin -> pid=3106 /usr/bin/dash (clone)
pid=3103 /tmp/sample.bin -> pid=3107 /usr/bin/chmod (execve)
pid=3103 /tmp/sample.bin -> pid=3108 /usr/bin/dash (clone)

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh c3c5a97e9917175dcd22e388e6f9cc60ab85f90e9d4a57dc0228920e456355d7 (this sample)

Delivery method: Distributed via web download

Comments