MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 e50e554554633f74465b089271f9a818f53fcd8e66146fb8f556b34cedae7147. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 7
| SHA256 hash: | e50e554554633f74465b089271f9a818f53fcd8e66146fb8f556b34cedae7147 |
|---|---|
| SHA3-384 hash: | e76a62492557ee38bfe4b08f5ff12ed9a2be62fa9cdec90875610a0436673e20fe656554e5ea296ee324fb3e852a67b6 |
| SHA1 hash: | 2e24beee3c1959e3fb4851daa1cc152674313c8d |
| MD5 hash: | 36f7dd146191c3f2f76d1a42343eeacb |
| humanhash: | may-salami-connecticut-cold |
| File name: | curl.sh |
| Download: | download sample |
| File size: | 926 bytes |
| First seen: | 2025-06-24 22:28:33 UTC |
| Last seen: | 2025-06-25 11:44:39 UTC |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 24:3J3h6IEU6I36IRGNINJ6InKu6IFL6In6IGC6I31H6If6IZ6I4:Lpxp3pJpnTpFLpnpGCp31pfpZp4 |
| TLSH | T1C311E0FD8499B4036661AC30F039A849E01AC9E03694D780F0EFD8B7C1BD63A1374399 |
| Magika | shell |
| Reporter |  abuse_ch |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://api.trumdvfb.com/skibidi/cutearm | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutearm5 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutearm6 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutearm7 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutem68k | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutemips | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutempsl | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutepowerpc | n/a | n/a | botnetdomain elf ua-wget |
| http://api.trumdvfb.com/skibidi/cutesh4 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutex86 | n/a | n/a | n/a |
| http://api.trumdvfb.com/skibidi/cutex86_64 | n/a | n/a | n/a |
Intelligence
File Origin
# of uploads :
4
# of downloads :
99
Origin country :
DEVendor Threat Intelligence
Detection(s):
Verdict:
Malicious
Score:
81.4%
Link:
Tags:
malware
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
evasive
Status:
terminated
Behavior Graph:
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Threat name:
Document-HTML.Trojan.Heuristic
Status:
Malicious
First seen:
2025-06-24 22:29:45 UTC
File Type:
Text (Shell)
AV detection:
9 of 24 (37.50%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh e50e554554633f74465b089271f9a818f53fcd8e66146fb8f556b34cedae7147
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.