MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 df324fc70c37ddefcdb74feb66c68a42ece374505eff57e8f2bc49a628bef7b1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: df324fc70c37ddefcdb74feb66c68a42ece374505eff57e8f2bc49a628bef7b1
SHA3-384 hash: ef4506c5252d228dc1cf64119da99848f4c8d4a8aeed1e101a4ba6e97f20cf0df9ff64cae51ee15a170f7f9c74d0b4b0
SHA1 hash: 85a9f21f1aaa561ce48bed74e0445b77baa80987
MD5 hash: 6b0088d089632382d9cfa893a80a3fbd
humanhash: juliet-queen-double-kilo
File name: df324fc70c37ddefcdb74feb66c68a42ece374505eff57e8f2bc49a628bef7b1.sh
File size: 1'017 bytes
First seen: 2026-02-22 13:20:50 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:cnnRUR8fA+25ob9HHIuCzCRpYdZeI3fdGL/HUeN:cnRu9+HnB6gI3fdc/X
TLSH: T11211E3B001F1086326102680B2372F46BBB2EC474993168C38EE6A296F87F13A19B452
Magika: xml
Reporter: abuse_ch
Tags: sh
URL: http://45.202.35.35/lol
Malware sample (SHA256 hash): 955832fefb424daef7cde635bc0ad9263986554ea4ec120ce92075d0eb1b8767
Signature: Mirai
Tags: Gorilla GorillaBotnet mirai sh ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE
Vendor Threat Intelligence
No detections
Result
Gathering data
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2959) -> execve -> /tmp/sample.bin (pid=2963)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh df324fc70c37ddefcdb74feb66c68a42ece374505eff57e8f2bc49a628bef7b1 (this sample)

Delivery method: Distributed via web download
