Malicious File Creates Network Socket and Contacts fdh32fsdfhs.shop - Kunai Analysis Report sample - 2d266ab2597c72424aa21bc00718f9a13e5836e8
Malicious File Creates Network Socket and Contacts fdh32fsdfhs.shop - Kunai Analysis Report sample - 2d266ab2597c72424aa21bc00718f9a13e5836e8
AI Analysis
Technical Summary
The analyzed file exhibits behavior consistent with malware by creating a network socket and reaching out to a suspicious domain (fdh32fsdfhs.shop). The source of this information is an OSINT feed with limited certainty, and no further technical details or exploit mechanisms are provided. No affected product versions or vendor advisories are available.
Potential Impact
The potential impact is limited to the file's capability to establish network communication with an external domain, which could be used for command and control or data exfiltration. However, no confirmed exploitation or widespread attacks have been reported, and the overall severity is assessed as low.
Mitigation Recommendations
No patches or official fixes are available for this threat. Given the low certainty and lack of confirmed exploitation, no specific mitigation actions are recommended beyond standard malware detection and network monitoring practices. Organizations should maintain updated endpoint protection and be cautious of files exhibiting suspicious network activity.
Indicators of Compromise
- text: /root/bin
- text: AF_INET
- text: UDP
- ip: 8.8.8.8
- port: 53
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:24.490414+00:00
- text: AF_INET
- text: TCP
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- port: 59123
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:28.598684+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:37.752756+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:45.721202+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:46.798233+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:51.949524+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:57.062967+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:02.074597+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:09.267985+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:10.286242+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:18.442851+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:23.555907+00:00
- file: 634928e6-5d30-4879-817c-475eeb6dc201
- size-in-bytes: 46256
- float: 6.4998981401139
- hash: a231b1d76e93c3c5f2f595bb6ed53e3f
- hash: 2d266ab2597c72424aa21bc00718f9a13e5836e8
- hash: 0d2211b7e92fcc6a9f7c94d4adf8e47f6f97e31dacd3b2ffb6cce3c485fcef26
- hash: a58aed72544a8ac72083e7316aa3e02bd21006460c05e142d8c40f03e93df088b6380830326cb92c265120358a5198c2ce506b7c90a08052ef13ff0c88577e1d
- malware-sample: 634928e6-5d30-4879-817c-475eeb6dc201|a231b1d76e93c3c5f2f595bb6ed53e3f
- file: activity-graph.svg
- file: kunai.json.gz
Malicious File Creates Network Socket and Contacts fdh32fsdfhs.shop - Kunai Analysis Report sample - 2d266ab2597c72424aa21bc00718f9a13e5836e8
Description
Malicious File Creates Network Socket and Contacts fdh32fsdfhs.shop - Kunai Analysis Report sample - 2d266ab2597c72424aa21bc00718f9a13e5836e8
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The analyzed file exhibits behavior consistent with malware by creating a network socket and reaching out to a suspicious domain (fdh32fsdfhs.shop). The source of this information is an OSINT feed with limited certainty, and no further technical details or exploit mechanisms are provided. No affected product versions or vendor advisories are available.
Potential Impact
The potential impact is limited to the file's capability to establish network communication with an external domain, which could be used for command and control or data exfiltration. However, no confirmed exploitation or widespread attacks have been reported, and the overall severity is assessed as low.
Mitigation Recommendations
No patches or official fixes are available for this threat. Given the low certainty and lack of confirmed exploitation, no specific mitigation actions are recommended beyond standard malware detection and network monitoring practices. Organizations should maintain updated endpoint protection and be cautious of files exhibiting suspicious network activity.
Technical Details
- Uuid
- ff2d1e23-caba-4a52-a374-ba223b1e7700
- Original Timestamp
- 1750408053
Indicators of Compromise
Text
| Value | Description | Copy |
|---|---|---|
text/root/bin | — | |
textAF_INET | — | |
textUDP | — | |
textAF_INET | — | |
textTCP | — |
Ip
| Value | Description | Copy |
|---|---|---|
ip8.8.8.8 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — |
Port
| Value | Description | Copy |
|---|---|---|
port53 | — | |
port59123 | — |
Domain
| Value | Description | Copy |
|---|---|---|
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — |
Datetime
| Value | Description | Copy |
|---|---|---|
datetime2025-06-19T11:42:24.490414+00:00 | — | |
datetime2025-06-19T11:42:28.598684+00:00 | — | |
datetime2025-06-19T11:42:37.752756+00:00 | — | |
datetime2025-06-19T11:42:45.721202+00:00 | — | |
datetime2025-06-19T11:42:46.798233+00:00 | — | |
datetime2025-06-19T11:42:51.949524+00:00 | — | |
datetime2025-06-19T11:42:57.062967+00:00 | — | |
datetime2025-06-19T11:43:02.074597+00:00 | — | |
datetime2025-06-19T11:43:09.267985+00:00 | — | |
datetime2025-06-19T11:43:10.286242+00:00 | — | |
datetime2025-06-19T11:43:18.442851+00:00 | — | |
datetime2025-06-19T11:43:23.555907+00:00 | — |
File
| Value | Description | Copy |
|---|---|---|
file634928e6-5d30-4879-817c-475eeb6dc201 | — | |
fileactivity-graph.svg | sample activity graph | |
filekunai.json.gz | kunai logs for sample |
Size in-bytes
| Value | Description | Copy |
|---|---|---|
size-in-bytes46256 | — |
Float
| Value | Description | Copy |
|---|---|---|
float6.4998981401139 | — |
Hash
| Value | Description | Copy |
|---|---|---|
hasha231b1d76e93c3c5f2f595bb6ed53e3f | — | |
hash2d266ab2597c72424aa21bc00718f9a13e5836e8 | — | |
hash0d2211b7e92fcc6a9f7c94d4adf8e47f6f97e31dacd3b2ffb6cce3c485fcef26 | — | |
hasha58aed72544a8ac72083e7316aa3e02bd21006460c05e142d8c40f03e93df088b6380830326cb92c265120358a5198c2ce506b7c90a08052ef13ff0c88577e1d | — |
Malware sample
| Value | Description | Copy |
|---|---|---|
malware-sample634928e6-5d30-4879-817c-475eeb6dc201|a231b1d76e93c3c5f2f595bb6ed53e3f | — |
Threat ID: 685538917ff74dad36a5c34e
Added to database: 6/20/2025, 10:31:45 AM
Last enriched: 4/8/2026, 4:19:55 AM
Last updated: 5/10/2026, 2:20:50 AM
Views: 585
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.