MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b0bf190c3d68ead801da7152302540fa34f2ca5d81c8263dd2da0b3faf0bdc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 0b0bf190c3d68ead801da7152302540fa34f2ca5d81c8263dd2da0b3faf0bdc4
SHA3-384 hash: 6d12e0b2b28e4e108d47d8d92ba02d67461b228518b3cf3c8a652555f6777cd502231d78f0336380ca82c6929031c361
SHA1 hash: 0d8a66ffd60eb27b52bfb6faeede119740d4fc86
MD5 hash: 1db3e73ca525221c53ffdfb422bbef5e
humanhash: grey-golf-equal-mockingbird
File name: c.sh
File size: 936 bytes
First seen: 2026-07-03 00:15:56 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:3J3Tm3zBxm3Tkm3xNIIpm3dKSKm3jT0m35uqaOm3pl9Am3f9rm3Dqxm3z/0m3rE4:FwBxUkGpqxKgT0cuqaOA9A29rAqxU/06
TLSH T1B6118C8D02A05A3E6FFCCC6CB06FD208AC71E5C430B14F15DA64D42395A71606C15F3E
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 51
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: downloader mirai
Status: terminated
Behavior Graph:
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2026-07-02 06:20:15 UTC
File Type: Text (Shell)
AV detection: 11 of 36 (30.56%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 0b0bf190c3d68ead801da7152302540fa34f2ca5d81c8263dd2da0b3faf0bdc4 (this sample)

Delivery method: Distributed via web download
