MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e1f562de3b415bcca5b5fbbae59cb76b1514330a7e6393a0b2f2eea4b92b6e6c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: e1f562de3b415bcca5b5fbbae59cb76b1514330a7e6393a0b2f2eea4b92b6e6c
SHA3-384 hash: 05fa03272328e88a7d0939f4742438e3b525714fd17b333b34d003fb294708ec01cd7b0787705f0a55080a0f721d4987
SHA1 hash: f3dbc190959821ec316e3ed3e4a2a8f175a16131
MD5 hash: f03d09e398e0e6de4c897785286b2f4f
humanhash: finch-white-black-nevada
File name: e1f562de3b415bcca5b5fbbae59cb76b1514330a7e6393a0b2f2eea4b92b6e6c.sh
File size: 12'195 bytes
First seen: 2026-02-22 13:20:14 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 96:cCuiB6csht+O+v1fsn+h4+tIiKqCTyOysYtujtuHKNpUj4waHv6NCxml1lJje4Vx:cCuW6p4hvZ5m5FG4j4HKNphvMNLx
TLSH T10742487B21F08B3297D010C962B61BA14F72970B456614B9F4FE6736AF2DA0371E7B60
Magika xml
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 2526) -> execve -> /tmp/sample.bin (pid 2530)

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh e1f562de3b415bcca5b5fbbae59cb76b1514330a7e6393a0b2f2eea4b92b6e6c (this sample)

Delivery method: Distributed via web download
