MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e09f12fc5fd9a2ad9b0b34e909ceedef108a1fcab87b8abcbce923b2b42f93d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 0e09f12fc5fd9a2ad9b0b34e909ceedef108a1fcab87b8abcbce923b2b42f93d
SHA3-384 hash: 95f1653566cc24b87c285ba6bb6617ec96ea570aad63d8756deed960003db15efdfa055cc0fc4e247cc5062ac9e9086f
SHA1 hash: 88156d882a81ae6af326bd10c804ba6b2da6be86
MD5 hash: 78e5b7d1dc29bfe256f8c29fec1f555d
humanhash: fruit-oscar-nine-alabama
File name: run.sh
File size: 299 bytes
First seen: 2026-02-24 14:24:01 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:SrusxtbZxLlmWkFbJZbXLWBL2eeutJBC+n:Ou+tbf57kJnbXaAeeutDC+n
TLSH: T129E0CD48B135F7735571D3A95E82D55876F542116F163D0CC1F3049FDC52475B22CAB0
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://wzjc.ipwz.online/client | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 68
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 3338) -> execve -> /tmp/sample.bin (pid 3346)
/tmp/sample.bin (pid 3346) -> execve -> /usr/bin/wget (pid 3351) [dns, net, send-data, write-file]
/tmp/sample.bin (pid 3346) -> execve -> /usr/bin/chmod (pid 3590)
/tmp/sample.bin (pid 3346) -> execve -> /home/sandbox/client (pid 3592)
/tmp/sample.bin (pid 3346) -> execve -> /usr/bin/rm (pid 3603) [delete-file]
/usr/bin/wget (pid 3351) -> 10.0.2.3:53 (send: 68B)
/usr/bin/wget (pid 3351) -> wzjc.ipwz.online:0 (con)
/usr/bin/wget (pid 3351) -> wzjc.ipwz.online:80 (send: 137B)
/usr/bin/wget (pid 3351) -> wzjc.ipwz.online:443 (send: 756B)
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 0e09f12fc5fd9a2ad9b0b34e909ceedef108a1fcab87b8abcbce923b2b42f93d (this sample)

Delivery method: Distributed via web download

Comments