Malicious File Creates Network Socket and Contacts fdh32fsdfhs.shop - Kunai Analysis Report sample - 2d266ab2597c72424aa21bc00718f9a13e5836e8
This report describes a malicious file that creates a network socket and attempts to contact the domain fdh32fsdfhs. shop. The information is derived from an OSINT feed with moderate certainty (50%). There is no indication of known exploits in the wild or available patches. The severity is assessed as low based on the limited impact and lack of exploitation evidence.
AI Analysis
Technical Summary
The analyzed malicious file establishes a network socket connection to the domain fdh32fsdfhs.shop, potentially indicating command and control or data exfiltration activity. The report is based on open-source intelligence with moderate confidence but lacks detailed technical indicators or exploit information. No affected product versions or vendor advisories are provided, and no patch is available.
Potential Impact
The impact appears limited as there are no known exploits in the wild and no evidence of widespread compromise. The file's network activity could enable unauthorized communication, but without further context, the actual risk remains low.
Mitigation Recommendations
No patch is available for this threat. Given the low severity and lack of known exploitation, standard network monitoring for suspicious connections to unknown domains like fdh32fsdfhs.shop is advisable. No urgent remediation actions are indicated by the source data.
Indicators of Compromise
- text: /root/bin
- text: AF_INET
- text: UDP
- ip: 8.8.8.8
- port: 53
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:24.490414+00:00
- text: AF_INET
- text: TCP
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- port: 59123
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:28.598684+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:37.752756+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:45.721202+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:46.798233+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:51.949524+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:42:57.062967+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:02.074597+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:09.267985+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:10.286242+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:18.442851+00:00
- domain: fdh32fsdfhs.shop
- ip: 196.251.88.165
- datetime: 2025-06-19T11:43:23.555907+00:00
- file: 634928e6-5d30-4879-817c-475eeb6dc201
- size-in-bytes: 46256
- float: 6.4998981401139
- hash: a231b1d76e93c3c5f2f595bb6ed53e3f
- hash: 2d266ab2597c72424aa21bc00718f9a13e5836e8
- hash: 0d2211b7e92fcc6a9f7c94d4adf8e47f6f97e31dacd3b2ffb6cce3c485fcef26
- hash: a58aed72544a8ac72083e7316aa3e02bd21006460c05e142d8c40f03e93df088b6380830326cb92c265120358a5198c2ce506b7c90a08052ef13ff0c88577e1d
- malware-sample: 634928e6-5d30-4879-817c-475eeb6dc201|a231b1d76e93c3c5f2f595bb6ed53e3f
- file: activity-graph.svg
- file: kunai.json.gz
Malicious File Creates Network Socket and Contacts fdh32fsdfhs.shop - Kunai Analysis Report sample - 2d266ab2597c72424aa21bc00718f9a13e5836e8
Description
This report describes a malicious file that creates a network socket and attempts to contact the domain fdh32fsdfhs. shop. The information is derived from an OSINT feed with moderate certainty (50%). There is no indication of known exploits in the wild or available patches. The severity is assessed as low based on the limited impact and lack of exploitation evidence.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The analyzed malicious file establishes a network socket connection to the domain fdh32fsdfhs.shop, potentially indicating command and control or data exfiltration activity. The report is based on open-source intelligence with moderate confidence but lacks detailed technical indicators or exploit information. No affected product versions or vendor advisories are provided, and no patch is available.
Potential Impact
The impact appears limited as there are no known exploits in the wild and no evidence of widespread compromise. The file's network activity could enable unauthorized communication, but without further context, the actual risk remains low.
Mitigation Recommendations
No patch is available for this threat. Given the low severity and lack of known exploitation, standard network monitoring for suspicious connections to unknown domains like fdh32fsdfhs.shop is advisable. No urgent remediation actions are indicated by the source data.
Technical Details
- Uuid
- ff2d1e23-caba-4a52-a374-ba223b1e7700
- Original Timestamp
- 1750408053
Indicators of Compromise
Text
| Value | Description | Copy |
|---|---|---|
text/root/bin | — | |
textAF_INET | — | |
textUDP | — | |
textAF_INET | — | |
textTCP | — |
Ip
| Value | Description | Copy |
|---|---|---|
ip8.8.8.8 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — | |
ip196.251.88.165 | — |
Port
| Value | Description | Copy |
|---|---|---|
port53 | — | |
port59123 | — |
Domain
| Value | Description | Copy |
|---|---|---|
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — | |
domainfdh32fsdfhs.shop | — |
Datetime
| Value | Description | Copy |
|---|---|---|
datetime2025-06-19T11:42:24.490414+00:00 | — | |
datetime2025-06-19T11:42:28.598684+00:00 | — | |
datetime2025-06-19T11:42:37.752756+00:00 | — | |
datetime2025-06-19T11:42:45.721202+00:00 | — | |
datetime2025-06-19T11:42:46.798233+00:00 | — | |
datetime2025-06-19T11:42:51.949524+00:00 | — | |
datetime2025-06-19T11:42:57.062967+00:00 | — | |
datetime2025-06-19T11:43:02.074597+00:00 | — | |
datetime2025-06-19T11:43:09.267985+00:00 | — | |
datetime2025-06-19T11:43:10.286242+00:00 | — | |
datetime2025-06-19T11:43:18.442851+00:00 | — | |
datetime2025-06-19T11:43:23.555907+00:00 | — |
File
| Value | Description | Copy |
|---|---|---|
file634928e6-5d30-4879-817c-475eeb6dc201 | — | |
fileactivity-graph.svg | sample activity graph | |
filekunai.json.gz | kunai logs for sample |
Size in-bytes
| Value | Description | Copy |
|---|---|---|
size-in-bytes46256 | — |
Float
| Value | Description | Copy |
|---|---|---|
float6.4998981401139 | — |
Hash
| Value | Description | Copy |
|---|---|---|
hasha231b1d76e93c3c5f2f595bb6ed53e3f | — | |
hash2d266ab2597c72424aa21bc00718f9a13e5836e8 | — | |
hash0d2211b7e92fcc6a9f7c94d4adf8e47f6f97e31dacd3b2ffb6cce3c485fcef26 | — | |
hasha58aed72544a8ac72083e7316aa3e02bd21006460c05e142d8c40f03e93df088b6380830326cb92c265120358a5198c2ce506b7c90a08052ef13ff0c88577e1d | — |
Malware sample
| Value | Description | Copy |
|---|---|---|
malware-sample634928e6-5d30-4879-817c-475eeb6dc201|a231b1d76e93c3c5f2f595bb6ed53e3f | — |
Threat ID: 685538917ff74dad36a5c34e
Added to database: 6/20/2025, 10:31:45 AM
Last enriched: 5/10/2026, 2:24:07 AM
Last updated: 5/10/2026, 1:04:08 PM
Views: 586
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.