MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a250561ca65c5f2dfda31b2023438463ce1133d350937949908af44118c4a43. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 3

Intelligence 3 IOCs YARA File information Comments

SHA256 hash:	0a250561ca65c5f2dfda31b2023438463ce1133d350937949908af44118c4a43
SHA3-384 hash:	33619cb706a7cf76287bd957179d42972f8dd9d4c78695858bd8a4048f99b8466b187f2c9ff3cc73aedf17eb4818b735
SHA1 hash:	93e82598a742029d62856e67d0e020b25a333652
MD5 hash:	2ee620371105f60b122d4253ea9d995a
humanhash:	stairway-solar-juliet-video
File name:	run-ss.sh
Download:	download sample
File size:	3'658 bytes
First seen:	2025-07-16 02:41:59 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:vL/5miMcHzybWgRHZ+d/T4pKhnShcAanliDz+yQhK44T7D02K42cgMQzd/uAE:1miJzom7ZhnShcAal1yv7D1K42crAVE
TLSH	T1E8713216788092BD111AC4B4A2CE94553A04C11B0B483E3C7AEED4361F757F4B7FA7E6
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/190b789c-6a29-4366-9194-3e5743d3960f

Behavior Graph:

Download SVG

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/0a250561ca65c5f2dfda31b2023438463ce1133d350937949908af44118c4a43

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0a250561ca65c5f2dfda31b2023438463ce1133d350937949908af44118c4a43/

Threat name:

Win32.Trojan.Generic

Status:

Suspicious

First seen:

2025-07-16 02:42:26 UTC

File Type:

Text (Shell)

AV detection:

5 of 24 (20.83%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bisqkyokmxc7fx62ggzaenbyiy6ocez5guetpfezbcxuiemmjjbq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

antivm credential_access defense_evasion discovery execution linux privilege_escalation

Link:

https://tria.ge/reports/250716-c67xjahn3x/

Behaviour

Software Deployment Tools

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Deobfuscate/Decode Files or Information

Changes its process name

Checks CPU configuration

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Legitimate hosting services abused for malware hosting/C2

Reads Bash history

File and Directory Permissions Modification

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.28

Link:

https://yomi.yoroi.company/submissions/0a250561ca65c5f2dfda31b2023438463ce1133d350937949908af44118c4a43

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 0a250561ca65c5f2dfda31b2023438463ce1133d350937949908af44118c4a43

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3584203/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample