MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4548bb1c97de07f52e2e962b6f3c2f389f693cea2adef01447fc4fd2f8686e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	c4548bb1c97de07f52e2e962b6f3c2f389f693cea2adef01447fc4fd2f8686e1
SHA3-384 hash:	d86123635a3519905daf37dc8183c82c5dabb38d83540b6908ffe6453a4c0d7ba575907fd5b1e8c3b9401feaa000744b
SHA1 hash:	729195bcf7d58706fb3090e7fa255565390bb849
MD5 hash:	ad78f368107b262519a674564e471b14
humanhash:	maine-freddie-seventeen-social
File name:	n3881.sh
Download:	download sample
File size:	570 bytes
First seen:	2025-02-24 08:47:23 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:5+E8bfj8QGkEd8JlcjEkKyEXMqcEqX3AWezCKNIxEnXSHkt3+EkX/5:5+E8rj8QGkEGJlOEkScZEqntez3NIxE6
TLSH	T11DF044CC0123260648DCACE2F1F351A53552C6CD96AF4ECBED455038844AA34F975A8C
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://193.143.1.116/nabmips	n/a	n/a	n/a
http://193.143.1.116/nabmpsl	n/a	n/a	n/a
http://193.143.1.116/nabarm	n/a	n/a	n/a
http://193.143.1.116/nabarm5	n/a	n/a	n/a
http://193.143.1.116/nabarm6	n/a	n/a	n/a
http://193.143.1.116/nabarm7	n/a	n/a	n/a

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Clean

Score:

89.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67bc324a28ab76d43a5cd243linux22vpnfull_triage

Tags:

n/a

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/67bc32516222db7f23d9be48/reports/c20882ab-0b3d-4796-b8b3-51787910e133/overview

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/c4548bb1c97de07f52e2e962b6f3c2f389f693cea2adef01447fc4fd2f8686e1

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c4548bb1c97de07f52e2e962b6f3c2f389f693cea2adef01447fc4fd2f8686e1/

Threat name:

Document-HTML.Trojan.Heuristic

Status:

Malicious

First seen:

2025-02-24 08:48:10 UTC

File Type:

Text (Shell)

AV detection:

14 of 23 (60.87%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yrkixmojpxqh6uxc5frln46c6oe7ne6oukw66akep7cp2l4gq3qq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250224-kqhayatkfn/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/c4548bb1c97de07f52e2e962b6f3c2f389f693cea2adef01447fc4fd2f8686e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh c4548bb1c97de07f52e2e962b6f3c2f389f693cea2adef01447fc4fd2f8686e1

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3446531/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3446539/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample