MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d
SHA3-384 hash:	275a59eb852ca76140f1710d305ffc95fc80be916a88a7778b4ec456fab3744ade90ad8593f993a1f11d4b7db34a77ac
SHA1 hash:	2253739b8ed97ce04e31ac7f2e131017d282f783
MD5 hash:	e89c97793cecc0288b0c56d404b90e7f
humanhash:	table-cup-november-texas
File name:	cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d.sh
Download:	download sample
File size:	15'894 bytes
First seen:	2026-02-27 14:14:31 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	96:cCuisht+O+v1fsn+h4+tIiKqCTyOysYtujtuHKNpUj4waHv6mkQdG/NBr+E+C+O/:cCu34hvZ5m5FG4j4HKNphvUZ/lxuP+D
TLSH	T11E62893721F08B3397D055C4A3771BA54FB6A61B456720B8F4FE1A259F1AA0370EBB21
Magika	xml
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://38.6.178.140/easy_pass.sh	n/a	n/a	n/a
http://38.6.178.140/easy.sh	n/a	n/a	n/a
http://38.6.178.140/easy_cloud.sh	n/a	n/a	n/a
http://194.156.102.210/bins/bins.sh	n/a	n/a	n/a
http://116.129.7.63:81/hiddenbin/dvr1.sh	n/a	n/a	n/a

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/69a1a70497feb4afd65f6b44/reports/cea87882-914a-493a-92ca-80779e2abf6d/overview

Result

Gathering data

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/b0269b03-9db4-4e80-82a7-531c4c3c8d62

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d

Threat name:

Text.Trojan.Generic

Status:

Suspicious

First seen:

2026-02-27 14:15:37 UTC

File Type:

Text (HTML)

AV detection:

2 of 36 (5.56%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=z5yyovym7lv2wuwqf62oueuoiflajmzmozkmtokotondg5c3aogq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260227-rktkcaaz9a/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh cf7187570cfaebab52d02fb4ea128e415604b32c7654c9b94e9b9a33745b038d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3783409/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample