MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d |
|---|---|
| SHA3-384 hash: | 275a59eb852ca76140f1710d305ffc95fc80be916a88a7778b4ec456fab3744ade90ad8593f993a1f11d4b7db34a77ac |
| SHA1 hash: | 2253739b8ed97ce04e31ac7f2e131017d282f783 |
| MD5 hash: | e89c97793cecc0288b0c56d404b90e7f |
| humanhash: | table-cup-november-texas |
| File name: | cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d.sh |
| Download: | download sample |
| File size: | 15'894 bytes |
| First seen: | 2026-02-27 14:14:31 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 96:cCuisht+O+v1fsn+h4+tIiKqCTyOysYtujtuHKNpUj4waHv6mkQdG/NBr+E+C+O/:cCu34hvZ5m5FG4j4HKNphvUZ/lxuP+D |
| TLSH | T11E62893721F08B3397D055C4A3771BA54FB6A61B456720B8F4FE1A259F1AA0370EBB21 |
| Magika | xml |
| Reporter | |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://38.6.178.140/easy_pass.sh | n/a | n/a | n/a |
| http://38.6.178.140/easy.sh | n/a | n/a | n/a |
| http://38.6.178.140/easy_cloud.sh | n/a | n/a | n/a |
| http://194.156.102.210/bins/bins.sh | n/a | n/a | n/a |
| http://116.129.7.63:81/hiddenbin/dvr1.sh | n/a | n/a | n/a |
Intelligence
File Origin
# of uploads :
1
# of downloads :
84
Origin country :
DEVendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
evasive
Result
Gathering data
Status:
Failed
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Threat name:
Text.Trojan.Generic
Status:
Suspicious
First seen:
2026-02-27 14:15:37 UTC
File Type:
Text (HTML)
AV detection:
2 of 36 (5.56%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.