MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d8f74b998efbe802ac8ca9a3b66abe104ff01bd71d5e393b186844030ec01deb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: d8f74b998efbe802ac8ca9a3b66abe104ff01bd71d5e393b186844030ec01deb
SHA3-384 hash: 1ea6f0ff69c66a931e63dc431224865fb70ee2c772e0d25dea0c5d837ed5dd2d478199a089c03db85cf123101da00f8f
SHA1 hash: 284850db1471f632de71cccf9f21e104ba3a3da9
MD5 hash: 5b14d0b3f2e3629e5b8e0fa04c66a1cd
humanhash: illinois-hamper-delta-avocado
File name: d8f74b998efbe802ac8ca9a3b66abe104ff01bd71d5e393b186844030ec01deb.sh
File size: 15'896 bytes
First seen: 2026-02-22 13:21:22 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 96:cCuisht+O+v1fsn+h4+tIiKqCTyOysYtujtuHKNpUj4waHv6mkQdG/NBr+E+C+OP:cCu34hvZ5m5FG4j4HKNphvUZ/lxuP+L
TLSH: T137627A3721F04B339BD055C4A3771BA54FB6A61B456720B8F4FE1A259F1AA0370EBB21
Magika: xml
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://38.6.178.140/easy_pass.sh | n/a | n/a | n/a
http://38.6.178.140/easy.sh | n/a | n/a | n/a
http://38.6.178.140/easy_cloud.sh | n/a | n/a | n/a
http://194.156.102.210/bins/bins.sh | n/a | n/a | n/a
http://196.189.96.138:81/hiddenbin/dvr1.sh | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Result
Gathering data
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2816) -> execve -> /tmp/sample.bin (pid 2824)
Gathering data
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh d8f74b998efbe802ac8ca9a3b66abe104ff01bd71d5e393b186844030ec01deb

(this sample)

  
Delivery method
Distributed via web download

Comments