MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cfe6508ff25fc7b73c15750cda72f94e1b7b0ae412670ae7524ec3d79432a85. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6

SHA256 hash: 0cfe6508ff25fc7b73c15750cda72f94e1b7b0ae412670ae7524ec3d79432a85
SHA3-384 hash: 02c93a2351fc2a5753f06fa2e2047851ecf723f9e6be4d2cfc170b044894f5b69a75b063eb91cf406f2f5874f03aaf77
SHA1 hash: 69ae0109e366f2bdf03646f74b3575ec7ac8bafb
MD5 hash: 285f5bbc1d45271c89d13fb0c5eeb807
humanhash: seven-indigo-washington-beryllium
File name: sl
File size: 690 bytes
First seen: 2025-12-21 15:14:08 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:fC1lAW1c2HCxAW4CBAVUhC9ARU0fCnZA2JtVlC1LAMB/6CJAeTfC:61aW1HiGWT2WIiRU06n+2Hu10MBROWfC
TLSH: T15C01214E030A3D2F515EA4797A7213E5B252FB093B163569FC47C076D1C95A09F20179
Magika: batch
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: evasive

Verdict: Malicious
File Type: text
First seen: 2025-12-21T13:47:00Z UTC
Last seen: 2025-12-21T15:02:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree recovered from the sandbox graph):
  /usr/bin/sudo (pid 2830)
    execve -> /tmp/sample.bin (pid 2833)
      execve -> /usr/bin/chmod (pids 2837, 2843, 2847, 2850, 2855, 2861, 2866)
      clone  -> /usr/bin/dash (pids 2840, 2844, 2848, 2852, 2857, 2863, 2867)
      execve -> /usr/bin/rm (pids 2841, 2845, 2849, 2853, 2859, 2864, 2868, 2869)
Threat name: Script-Shell.Trojan.Heuristic
Status: Malicious
First seen: 2025-12-21 15:33:29 UTC
File Type: Text (Shell)
AV detection: 5 of 24 (20.83%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 0cfe6508ff25fc7b73c15750cda72f94e1b7b0ae412670ae7524ec3d79432a85 (this sample)

Delivery method: Distributed via web download

Comments