MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccd1493e6fb014dda6feb43af9b2dfae927c2d229489018ee5cd5c1757cdf42e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: ccd1493e6fb014dda6feb43af9b2dfae927c2d229489018ee5cd5c1757cdf42e
SHA3-384 hash: 0d56ccbe257861f245889c44bffad5dfcd0e66c6cfb413edf624c21fc4dc932736c8adad86d0417d14f0c2f2f36e27ef
SHA1 hash: bfc43318c1239c2dc527941f76762e9f7288519d
MD5 hash: 3029442c647d115b440c5c3cc4f06f5d
humanhash: london-vermont-kitten-cat
File name: ccd1493e6fb014dda6feb43af9b2dfae927c2d229489018ee5cd5c1757cdf42e.sh
File size: 7'505 bytes
First seen: 2026-03-13 20:27:30 UTC
Last seen: 2026-03-14 15:56:19 UTC
File type: sh
MIME type: text/plain
ssdeep: 96:cCusB6n7sht+O+v1fsn+h4+tIicqbA/GsGqZ4BPxfoF:cCuI6nC4hvZ5mzjHObK
TLSH: T12DF1C06B21F08B71D3D421C9526656A54E71A74B992A08B8F4BF973ADF2C90370E3F34
Magika: xml
Reporter: abuse_ch
Tags: sh

URL | Malware sample (SHA256 hash) | Signature | Tags
http://45.225.187.6:81/hiddenbin/dvr1.sh | n/a | n/a | ascii bash sh ua-wget
http://ftp.gmail.3-a.net/httpd2 | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 3
# of downloads: 64
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox evasive
Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2273) -> /tmp/sample.bin (pid=2279), execve
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Trojan.Heuristic
Status: Malicious
First seen: 2026-03-13 20:28:17 UTC
File Type: Text (HTML)
AV detection: 3 of 24 (12.50%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh ccd1493e6fb014dda6feb43af9b2dfae927c2d229489018ee5cd5c1757cdf42e

(this sample)

  
Delivery method: Distributed via web download

Comments