MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d665d6cfe484c70fd7aa66fbb2cc050a2d1d3ec7a8d524e745bdd3e534913c15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	d665d6cfe484c70fd7aa66fbb2cc050a2d1d3ec7a8d524e745bdd3e534913c15
SHA3-384 hash:	3153de34cea8025abb777ecec4b19d3be453c9ee307022f243739051e1e0e44e5f06f3df8275fdd8a88f4e23e1532e16
SHA1 hash:	3d7b9128b6aff86679e268dc298a8e45fe337765
MD5 hash:	4a68e3dcb833f392cd1d283dd5539677
humanhash:	alanine-monkey-lemon-fanta
File name:	d665d6cfe484c70fd7aa66fbb2cc050a2d1d3ec7a8d524e745bdd3e534913c15.sh
Download:	download sample
File size:	1'908 bytes
First seen:	2026-04-01 10:28:08 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:2HjKZ+DF6205Mlh/WLzoNuI6tz4D0J0yQO4s:2TD9a4/Oow9tz4D40LTs
TLSH	T1784144F2B6385830734E90EDE95471B2B8534BBF05A9BE80F0E29F4C061D56C10767AA
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	JAMESWT_WT
Tags:	miappl-com sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
https://miappl.com/api/debug/event	n/a	n/a	n/a
https://miappl.com/debug/payload.applescript	n/a	n/a	n/a

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Gathering data

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

fingerprint threat unknown

Link:

https://www.filescan.io/uploads/69cd23942346b9da57b6f2ab/reports/3c017a1d-7346-4ae7-8062-0b7bc10e9bd4/overview

Verdict:

Unknown

File Type:

unix shell

Link:

https://opentip.kaspersky.com/d665d6cfe484c70fd7aa66fbb2cc050a2d1d3ec7a8d524e745bdd3e534913c15/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/4edcc2b5-912f-4be6-8d9b-5a82cd9e739e

Behavior Graph:

Download SVG

Score:

10%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/d665d6cfe484c70fd7aa66fbb2cc050a2d1d3ec7a8d524e745bdd3e534913c15

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d665d6cfe484c70fd7aa66fbb2cc050a2d1d3ec7a8d524e745bdd3e534913c15/

Threat name:

Script.Infostealer.Heuristic

Status:

Malicious

First seen:

2026-03-26 12:21:03 UTC

File Type:

Text (Shell)

AV detection:

8 of 36 (22.22%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=2zs5nt7eqtdq7v5km353ftafbiwr2pwhvdksjz2fxxj6knerhqkq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/260401-q7pn8sc15m/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.05

Link:

https://yomi.yoroi.company/submissions/d665d6cfe484c70fd7aa66fbb2cc050a2d1d3ec7a8d524e745bdd3e534913c15

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample