MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e052bfab59ab1e074b7f2a998190e6d6094979bef2e93b59f32ffef096a24d83. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	e052bfab59ab1e074b7f2a998190e6d6094979bef2e93b59f32ffef096a24d83
SHA3-384 hash:	8c309ef78cd00d018e56a931f5333b28143e1d6d9f8bf3a9e365ebbdf4170a1c8f523bc10979c3a72e0e409e7fc2ed5b
SHA1 hash:	e7114e32a05fcd1a8a286e175757f792a3fa21bd
MD5 hash:	efc201a0642ae0c1a1733eebf9f92b9d
humanhash:	fourteen-oranges-zebra-cola
File name:	curl.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	1'515 bytes
First seen:	2026-06-24 02:12:07 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:VBvHBq25vFBMxqBCoBtBzBdT4qBxjB5B4b0BTf3ByqtBUgByUx3BpubW:rvhXd7MECcztds6x9f5tyUDycx8C
TLSH	T1293158C822B017FBCED4DD527932E9EE606D84D7BE5758E4640884E36F886C5FC182A5
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

108

Origin country :

DE

Vendor Threat Intelligence

ACCE Unknown

No detections

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

busybox evasive

Link:

https://www.filescan.io/uploads/6a3b3d0f90632a45f7375fe3/reports/68d6a649-9b63-4b5d-9b1e-06044741a3bf/overview

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

text

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p

Link:

https://opentip.kaspersky.com/e052bfab59ab1e074b7f2a998190e6d6094979bef2e93b59f32ffef096a24d83/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/d72082d0-c1ad-4f3e-85e0-d14ef4653175

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/e052bfab59ab1e074b7f2a998190e6d6094979bef2e93b59f32ffef096a24d83

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e052bfab59ab1e074b7f2a998190e6d6094979bef2e93b59f32ffef096a24d83/

Neiki Trojan-Downloader.Shell.Agent

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/e052bfab59ab1e074b7f2a998190e6d6094979bef2e93b59f32ffef096a24d83

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4bjl7k2zvmpaos37fkmydehg2yeus6n66lutwwptf77pbfvcjwbq._file

Hatching Triage Malicious

Result

Malware family:

n/a

Score:

  8/10

Tags:

adware persistence ransomware spyware

Link:

https://tria.ge/reports/260624-cm5cashy3w/

Behaviour

Checks SCSI registry key(s)

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Uses Volume Shadow Copy WMI provider

Uses Volume Shadow Copy service COM API

Enumerates physical storage devices

Enumerates connected drives

Boot or Logon Autostart Execution: Active Setup

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e052bfab59ab1e074b7f2a998190e6d6094979bef2e93b59f32ffef096a24d83