Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Malicious File Creates Network Socket and Contacts fdh32fsdfhs.shop - Kunai Analysis Report sample - 2d266ab2597c72424aa21bc00718f9a13e5836e8

0
Low
Published: Fri Jun 20 2025 (06/20/2025, 00:00:00 UTC)
Source: CIRCL OSINT Feed
Vendor/Project: type
Product: osint

Description

Malicious File Creates Network Socket and Contacts fdh32fsdfhs.shop - Kunai Analysis Report sample - 2d266ab2597c72424aa21bc00718f9a13e5836e8

AI-Powered Analysis

AILast updated: 01/28/2026, 20:26:03 UTC

Technical Analysis

The reported threat involves a malicious file that creates a network socket and attempts to communicate with the domain fdh32fsdfhs.shop. This behavior is typical of malware establishing command and control (C2) channels or attempting to exfiltrate data. However, the report lacks detailed technical indicators such as file hashes, specific malware family names, or attack vectors. The threat is sourced from the CIRCL OSINT feed and is tagged with a 50% certainty level, indicating that the analysis or detection confidence is moderate. No affected software versions or products are listed, and there are no known exploits in the wild or patches available, suggesting this may be a newly observed or low-impact threat. The absence of CWE identifiers and minimal technical details limit the ability to fully characterize the threat. The malicious file's network activity is the primary observable behavior, which could be detected via network monitoring tools. The threat's low severity rating reflects the limited information and the current lack of evidence for widespread exploitation or significant impact. Given the domain contacted appears suspicious and potentially malicious, this could be part of a broader malware campaign or targeted attack, but further intelligence is needed to confirm.

Potential Impact

For European organizations, the primary impact of this threat would be unauthorized outbound network connections potentially leading to data exfiltration or remote control of infected systems. If the malicious file is executed within enterprise environments, it could compromise confidentiality by leaking sensitive information. Integrity and availability impacts are less clear due to limited technical details, but the establishment of unauthorized network sockets could facilitate further malicious activities. The low severity and lack of known exploits suggest the immediate risk is limited; however, organizations with high-value data or critical infrastructure could face increased risk if this threat evolves. Network-based detection and blocking can mitigate the impact, but failure to detect such communications could lead to persistent infections and lateral movement within networks. The threat's low certainty and absence of patches imply that traditional endpoint protection may not fully detect or prevent this activity without updated threat intelligence and network monitoring.

Mitigation Recommendations

European organizations should implement network monitoring solutions capable of detecting unusual outbound connections, especially to suspicious or unknown domains like fdh32fsdfhs.shop. Deploy DNS filtering and web proxy controls to block access to known malicious domains. Endpoint detection and response (EDR) tools should be configured to alert on processes creating unexpected network sockets. Regularly update threat intelligence feeds to incorporate emerging indicators of compromise related to this threat. Conduct user awareness training to reduce the risk of executing unknown or suspicious files. Employ network segmentation to limit the spread of infections if a device is compromised. Since no patches are available, focus on detection and containment strategies. Incident response plans should include procedures for isolating affected systems and conducting forensic analysis to identify the scope of compromise. Collaborate with national cybersecurity centers for updated intelligence and coordinated response efforts.

Need more detailed analysis?Upgrade to Pro Console

Technical Details

Uuid
ff2d1e23-caba-4a52-a374-ba223b1e7700
Original Timestamp
1750408053

Indicators of Compromise

Text

ValueDescriptionCopy
text/root/bin
textAF_INET
textUDP
textAF_INET
textTCP

Ip

ValueDescriptionCopy
ip8.8.8.8
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165
ip196.251.88.165

Port

ValueDescriptionCopy
port53
port59123

Domain

ValueDescriptionCopy
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop
domainfdh32fsdfhs.shop

Datetime

ValueDescriptionCopy
datetime2025-06-19T11:42:24.490414+00:00
datetime2025-06-19T11:42:28.598684+00:00
datetime2025-06-19T11:42:37.752756+00:00
datetime2025-06-19T11:42:45.721202+00:00
datetime2025-06-19T11:42:46.798233+00:00
datetime2025-06-19T11:42:51.949524+00:00
datetime2025-06-19T11:42:57.062967+00:00
datetime2025-06-19T11:43:02.074597+00:00
datetime2025-06-19T11:43:09.267985+00:00
datetime2025-06-19T11:43:10.286242+00:00
datetime2025-06-19T11:43:18.442851+00:00
datetime2025-06-19T11:43:23.555907+00:00

File

ValueDescriptionCopy
file634928e6-5d30-4879-817c-475eeb6dc201
fileactivity-graph.svg
sample activity graph
filekunai.json.gz
kunai logs for sample

Size in-bytes

ValueDescriptionCopy
size-in-bytes46256

Float

ValueDescriptionCopy
float6.4998981401139

Hash

ValueDescriptionCopy
hasha231b1d76e93c3c5f2f595bb6ed53e3f
hash2d266ab2597c72424aa21bc00718f9a13e5836e8
hash0d2211b7e92fcc6a9f7c94d4adf8e47f6f97e31dacd3b2ffb6cce3c485fcef26
hasha58aed72544a8ac72083e7316aa3e02bd21006460c05e142d8c40f03e93df088b6380830326cb92c265120358a5198c2ce506b7c90a08052ef13ff0c88577e1d

Malware sample

ValueDescriptionCopy
malware-sample634928e6-5d30-4879-817c-475eeb6dc201|a231b1d76e93c3c5f2f595bb6ed53e3f

Threat ID: 685538917ff74dad36a5c34e

Added to database: 6/20/2025, 10:31:45 AM

Last enriched: 1/28/2026, 8:26:03 PM

Last updated: 2/4/2026, 8:43:46 AM

Views: 486

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Actions

PRO

Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.

Please log in to the Console to use AI analysis features.

External Links

Need more coverage?

Upgrade to Pro Console in Console -> Billing for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats