MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fab37cff9ba659a31e49083ed0a2ed9bab15925b122bf5b1bb0dce7ab33b54a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	fab37cff9ba659a31e49083ed0a2ed9bab15925b122bf5b1bb0dce7ab33b54a2
SHA3-384 hash:	89ce169e9874744b621efa06ad49f10b2328021e315a0783f03d59e24f7328ea43d6bd0924252da3d4819ade9feb2249
SHA1 hash:	a124ecda899bec12bd9ef897451e725a39c6c0c9
MD5 hash:	aefc0f1cd486cd1a1e0244b18f0e7588
humanhash:	august-ink-artist-london
File name:	run.sh
Download:	download sample
File size:	410 bytes
First seen:	2026-05-05 00:05:44 UTC
Last seen:	2026-05-05 15:27:53 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:OGG6fPa96fP26fP16fPz6fPl6fPv6fP+6fPBD2EHxn:I+y9+u+t+b+N+3+2+JqEHxn
TLSH	T147E075C5D1C4B153E5AAFA94BB79A28CA20552D754FE2F1ECE413861DD88860F157702
Magika	txt
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://176.65.139.166/ppc64	n/a	n/a	176-65-139-166 elf ua-wget

Intelligence

File Origin

# of uploads :

2

# of downloads :

46

Origin country :

DE

Vendor Threat Intelligence

Gathering data

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/69f9347c86e92bda701e887d/reports/dcabffe3-a785-489f-a860-65b6dc3297bd/overview

Result

Gathering data

Verdict:

Unknown

File Type:

Link:

https://opentip.kaspersky.com/fab37cff9ba659a31e49083ed0a2ed9bab15925b122bf5b1bb0dce7ab33b54a2/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/4b36f7e8-cb2d-476a-bd6a-8a6781109a88

Behavior Graph:

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/fab37cff9ba659a31e49083ed0a2ed9bab15925b122bf5b1bb0dce7ab33b54a2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fab37cff9ba659a31e49083ed0a2ed9bab15925b122bf5b1bb0dce7ab33b54a2/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/fab37cff9ba659a31e49083ed0a2ed9bab15925b122bf5b1bb0dce7ab33b54a2

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7kzxz743uzm2ghsjba7nbixntovrles3civ7lmn3bxhhvmz3ksra._file

Result

Malware family:

n/a

Score:

3/10

Tags:

n/a

Link:

https://tria.ge/reports/260505-ads7kady3w/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/fab37cff9ba659a31e49083ed0a2ed9bab15925b122bf5b1bb0dce7ab33b54a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh fab37cff9ba659a31e49083ed0a2ed9bab15925b122bf5b1bb0dce7ab33b54a2

(this sample)

elf d286289e326785bfbf145743a3e004e002292e7f6555a38ad74ebaf310621ebe

URLhaus

https://urlhaus.abuse.ch/url/3837149/

Delivery method

Distributed via web download

Dropping

MD5 9199e33ed721e64195e76ba2206ddcf0

Dropping

SHA256 d286289e326785bfbf145743a3e004e002292e7f6555a38ad74ebaf310621ebe

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample