MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f976ae996647cda870ae5c6c434b89f6b576fba159ec79bbb458cde81f3c51bb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

SHA256 hash: f976ae996647cda870ae5c6c434b89f6b576fba159ec79bbb458cde81f3c51bb
SHA3-384 hash: 3785d2fe4d14322610a9e3e0aaa9e241270be5d517518aed1f80204947e031287147803e1a0372ac0604add15ef106f5
SHA1 hash: 2422fea46db523690fb1ff4ce17fb6dc2285754b
MD5 hash: 867bdf85feb610ded383bba6736d4768
humanhash: yankee-network-video-ack
File name: payload.txt
File size: 387 bytes
First seen: 2026-01-11 06:57:23 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:hI7qKI7q0Iu52LrFHhtSu50S4bu+B5iQDIu5iQybu+B5yNu549:hAoPWHFHh0fx8W
TLSH: T18AE092ECE9248073319EC93C314CD13E1CBB08EA185E35845567EBF1202D44CDA0AAB5
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence
File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox masquerade
Result: Gathering data
Status: terminated
Behavior Graph (process tree recovered from the graph dump; node guuids dropped):
/usr/bin/sudo (pid 2972)
  execve -> /tmp/sample.bin (pid 2979)
    execve -> /usr/bin/wget (pid 2981) [dns, net, send-data]; send 172B to 10.0.2.3:53
    execve -> /usr/bin/curl (pid 3000)
      clone -> /usr/bin/curl (pid 3012) [dns, net, send-data]; send 172B to 10.0.2.3:53
    execve -> /usr/bin/busybox (pid 3030) [dns, net, send-data]; send 172B to 10.0.2.3:53
    execve -> /usr/bin/busybox (pid 3046) [dns, net, send-data]; send 172B to 10.0.2.3:53
    execve -> /usr/bin/chmod (pid 3059)
    execve -> /tmp/gay.sh (pid 3061)
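The process tree above is the classic shell dropper shape: the script tries several fetch tools in turn (wget, curl, busybox), each of which only gets as far as a DNS query to 10.0.2.3:53, then runs chmod and executes a second stage from /tmp. The following is an added example of detection logic for that chain, not code from MalwareBazaar or from the sample. The event format is an invented, simplified execve/clone/send log; the pids, paths and destination are taken from the graph, while the sample's actual argv strings are unknown and are not reproduced.

```python
"""Flag the "download, chmod, execute from a scratch directory" dropper chain.

Added example. The event lines below are constructed to mirror the sandbox
process tree for this sample; the line format is an assumption (a minimal
execve/clone/send log), not any real sandbox or auditd output.
"""
import re
from collections import defaultdict

DOWNLOADERS = {"/usr/bin/wget", "/usr/bin/curl", "/usr/bin/busybox"}
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

EVENT_RE = re.compile(
    r"^(?P<type>execve|clone|send) pid=(?P<pid>\d+) ppid=(?P<ppid>\d+) (?P<rest>.*)$"
)

# Constructed events modelled on the behaviour graph (not real sandbox output).
SAMPLE_EVENTS = """\
execve pid=2979 ppid=2972 path=/tmp/sample.bin
execve pid=2981 ppid=2979 path=/usr/bin/wget
send pid=2981 ppid=2979 dst=10.0.2.3:53 bytes=172
execve pid=3000 ppid=2979 path=/usr/bin/curl
clone pid=3012 ppid=3000 path=/usr/bin/curl
send pid=3012 ppid=3000 dst=10.0.2.3:53 bytes=172
execve pid=3030 ppid=2979 path=/usr/bin/busybox
send pid=3030 ppid=2979 dst=10.0.2.3:53 bytes=172
execve pid=3046 ppid=2979 path=/usr/bin/busybox
send pid=3046 ppid=2979 dst=10.0.2.3:53 bytes=172
execve pid=3059 ppid=2979 path=/usr/bin/chmod
execve pid=3061 ppid=2979 path=/tmp/gay.sh
"""


def parse_events(text):
    """Parse 'type pid=.. ppid=.. k=v ...' lines into dicts, skipping junk lines."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group("rest").split())
        events.append({"type": m.group("type"), "pid": int(m.group("pid")),
                       "ppid": int(m.group("ppid")), **fields})
    return events


def find_dropper_chains(events):
    """Return {parent_pid: {...}} for every process whose children include
    (a) a known download tool that, itself or via a descendant, touched the
    network, (b) chmod, and (c) an execve of a file in a scratch directory
    that happened after both the first download attempt and the first chmod.
    """
    path_of, seq, net_pids = {}, {}, set()
    children = defaultdict(list)
    for i, ev in enumerate(events):
        pid = ev["pid"]
        if ev["type"] in ("execve", "clone"):
            path_of[pid] = ev["path"]
            children[ev["ppid"]].append(pid)
            seq[pid] = i  # event order stands in for a timestamp
        elif ev["type"] == "send":
            net_pids.add(pid)

    def touched_network(pid):
        # curl forks a child (clone) that does the actual I/O, so walk descendants;
        # use .get() so the lookup does not grow the defaultdict while iterating.
        return pid in net_pids or any(touched_network(c) for c in children.get(pid, []))

    hits = {}
    for parent, kids in children.items():
        downloaders = [c for c in kids if path_of[c] in DOWNLOADERS and touched_network(c)]
        chmods = [c for c in kids if path_of[c].endswith("/chmod")]
        staged = [c for c in kids if path_of[c].startswith(SCRATCH_DIRS)]
        if not (downloaders and chmods and staged):
            continue
        first_download = min(seq[c] for c in downloaders)
        first_chmod = min(seq[c] for c in chmods)
        executed = [path_of[c] for c in staged
                    if seq[c] > first_download and seq[c] > first_chmod]
        if executed:
            hits[parent] = {"downloaders": sorted(downloaders), "executed": executed}
    return hits


if __name__ == "__main__":
    for parent, info in find_dropper_chains(parse_events(SAMPLE_EVENTS)).items():
        print(f"dropper chain under pid {parent}: fetch via {info['downloaders']}, "
              f"then executed {info['executed']}")
```

On the constructed input only pid 2979 (/tmp/sample.bin) is flagged: sudo (pid 2972) is not, because its single child is the staged execution itself with no download or chmod beneath it. The ordering check matters in practice; a parent that merely has wget and chmod children is common in build and provisioning scripts, whereas the scratch-directory execve landing after both is the dropper signal.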
Threat name: Text.Browser.Generic
Status: Suspicious
First seen: 2026-01-11 07:10:31 UTC
File Type: Text (Shell)
AV detection: 1 of 36 (2.78%)
Threat level: 4/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh f976ae996647cda870ae5c6c434b89f6b576fba159ec79bbb458cde81f3c51bb (this sample)

Delivery method: Distributed via web download

Comments