MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e359935af4f7bc74ecb302eb7c49978c5e1c822d86f55c115cb99af12d09d4fa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

ConnectBack

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	e359935af4f7bc74ecb302eb7c49978c5e1c822d86f55c115cb99af12d09d4fa
SHA3-384 hash:	90e0d367fa676f52dd090c9c30685226df9ce6fb3e3d714095609a1f212fea1e01523c77c210081285227afb5a790f14
SHA1 hash:	62d1e00402cd1d65fcb14b7b9ca3ae12540ba89f
MD5 hash:	27661cd79ab7cdbe91ede691cb3290ff
humanhash:	red-neptune-stairway-mars
File name:	aaa.sh
Download:	download sample
Signature	ConnectBack Create hunting rule
File size:	628 bytes
First seen:	2025-08-05 20:45:49 UTC
Last seen:	2025-08-06 04:29:04 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:lR3FiygEMX9gu2blGZxNJhnEHre8Og0uFF/BGNMBywN2niH+:fhcX9guKmnEHre8CKNBGNKH+
TLSH	T12CF07D8C010A347719F96638632A463CEAC494A744E57C30F795477478644AAD3B8F95
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://103.43.18.19:16788/mshell	83292aeef70102ce9350de34fbb6be40a2eb17aa4f3b9a30322ae8f208c79e44	ConnectBack	ConnectBack ua-wget

Intelligence

File Origin

# of uploads :

2

# of downloads :

34

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68926d9f2fbe0788fb1a38a9/reports/6bf5ba30-7f53-48ec-af68-a3edc3d8a31e/overview

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/2a2f67e1-64b3-489f-b472-ce076d8e9645

Behavior Graph:

Score:

5%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/e359935af4f7bc74ecb302eb7c49978c5e1c822d86f55c115cb99af12d09d4fa

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/e359935af4f7bc74ecb302eb7c49978c5e1c822d86f55c115cb99af12d09d4fa/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/e359935af4f7bc74ecb302eb7c49978c5e1c822d86f55c115cb99af12d09d4fa

Threat name:

Linux.Hacktool.MetaSploit

Status:

Malicious

First seen:

2025-08-05 20:38:50 UTC

File Type:

Text (Shell)

AV detection:

3 of 38 (7.89%)

Threat level:

1/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=4nmzgwxu666hj3ftalvxysmxrrpbzarnq32vyek4xgnpclij2t5a._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/250805-zkfmgsgq4w/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/e359935af4f7bc74ecb302eb7c49978c5e1c822d86f55c115cb99af12d09d4fa

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh e359935af4f7bc74ecb302eb7c49978c5e1c822d86f55c115cb99af12d09d4fa

(this sample)

elf 83292aeef70102ce9350de34fbb6be40a2eb17aa4f3b9a30322ae8f208c79e44

URLhaus

https://urlhaus.abuse.ch/url/3597111/

Delivery method

Distributed via web download

Dropping

MD5 0bca53b4a81b8f9a4624c997659fdf63

Dropping

SHA256 83292aeef70102ce9350de34fbb6be40a2eb17aa4f3b9a30322ae8f208c79e44

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample