MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0fd1c492b37de5f252aa037dc2dbb2a148779e036f9cccdfab4d4b2825094717. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7

SHA256 hash: 0fd1c492b37de5f252aa037dc2dbb2a148779e036f9cccdfab4d4b2825094717
SHA3-384 hash: a1bfc6366f611377daf38ca790ef24133d71a1aefbd0450a14530a24db51270ef8c8a3e8c9fd32eebc3ed41dc0df9378
SHA1 hash: a7af08869cf330559f1e990248b6f38f5243cb19
MD5 hash: 92a370c27a2a8702b8138d9750c826f9
humanhash: fruit-mirror-fanta-wolfram
File name: gpon.sh
File size: 417 bytes
First seen: 2026-04-11 16:47:27 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:xLgLW4Mv+iFnT7vZsfuaIuOA9yDB2/vXUgoDu/oz+Q7ZYL4Tyr:OLWDvZWfIuz9yd2nXeDuim
TLSH: T1C7E068D4209B04D680D81D5F72B7A408A9CA9B4ECD0A6FB8BCADB0A7A768E04D0C60C0
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: DE
Vendor Threat Intelligence
No detections

Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%

Verdict:
Malicious
File Type:
ps1
First seen:
2026-04-11T13:57:00Z UTC
Last seen:
2026-04-11T14:12:00Z UTC
Hits:
~10
Detections:
Trojan-Downloader.Shell.Agent.bi, HEUR:Trojan-Downloader.Shell.Agent.p
Status:
terminated
Behavior Graph (process tree, summarised from the sandbox graph):
/usr/bin/sudo (pid 3398) --execve--> /tmp/sample.bin (pid 3406)
/tmp/sample.bin (pid 3406) --execve--> /usr/bin/rm (pid 3409)
/tmp/sample.bin (pid 3406) then runs the same round 11 times:
  --execve--> /usr/bin/wget [net, send-data; write-file on 8 of the 11 runs] (pids 3411, 3443, 3465, 3487, 3503, 3517, 3535, 3551, 3556, 3570, 3591)
  --execve--> /usr/bin/chmod (pids 3437, 3459, 3478, 3500, 3511, 3529, 3546, 3553, 3562, 3585, 3608)
  --clone--> /usr/bin/dash (pids 3439, 3461, 3501, 3513, 3530, 3548, 3587) or --execve--> /mnt/xdf (pids 3480, 3554, 3564, 3610)
Network: every wget process sends 131-134 B to 176.65.139.67:80 (11 connections in total); /mnt/xdf (pid 3610) [dns, net, send-data] connects to 8.8.8.8:53, sends 27 B to 51.158.108.203:53 and sends 37 B to nordvm.cc:35342

Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Threat name:
Script-Shell.Downloader.MiraiB
Status:
Malicious
First seen:
2026-04-11 16:48:39 UTC
File Type:
Text (Shell)
AV detection:
6 of 24 (25.00%)
Threat level:
3/5

Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
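The behaviour graph above is exported as a flat node/edge list, which is hard to read and harder to turn into indicators. The Python script below is an added example (not MalwareBazaar or abuse.ch code) that rebuilds the dropper's process tree from that graph and reports the wget -> chmod -> run rounds and the network endpoints each image reached. The CHILDREN and NET tables are transcribed by hand from the graph as shown on this page (pid, image, edge label, destination, bytes sent); nothing else about the sample is assumed.

```python
"""Rebuild the sandbox behaviour graph of this MalwareBazaar entry as a
process tree and extract network IOCs.

Added example, not code from MalwareBazaar or abuse.ch. CHILDREN and NET
are transcribed from the behaviour graph on the page; only pid, image,
edge label, destination and bytes sent were kept.
"""
from collections import defaultdict

DROPPER = 3406  # /tmp/sample.bin, started via sudo (pid 3398)

# Children of the dropper in the order the graph lists them.
# Token triple: "<pid> <image-key> <e|c>", e = execve, c = clone.
CHILDREN = (
    "3409 rm e 3411 wget e 3437 chmod e 3439 dash c 3443 wget e 3459 chmod e "
    "3461 dash c 3465 wget e 3478 chmod e 3480 xdf e 3487 wget e 3500 chmod e "
    "3501 dash c 3503 wget e 3511 chmod e 3513 dash c 3517 wget e 3529 chmod e "
    "3530 dash c 3535 wget e 3546 chmod e 3548 dash c 3551 wget e 3553 chmod e "
    "3554 xdf e 3556 wget e 3562 chmod e 3564 xdf e 3570 wget e 3585 chmod e "
    "3587 dash c 3591 wget e 3608 chmod e 3610 xdf e"
)
IMAGES = {"rm": "/usr/bin/rm", "wget": "/usr/bin/wget", "chmod": "/usr/bin/chmod",
          "dash": "/usr/bin/dash", "xdf": "/mnt/xdf"}
EDGES = {"e": "execve", "c": "clone"}

# Network edges: (pid, destination, bytes sent; None = connection only).
NET = [
    (3411, "176.65.139.67:80", 131), (3443, "176.65.139.67:80", 132),
    (3465, "176.65.139.67:80", 132), (3487, "176.65.139.67:80", 132),
    (3503, "176.65.139.67:80", 132), (3517, "176.65.139.67:80", 132),
    (3535, "176.65.139.67:80", 132), (3551, "176.65.139.67:80", 134),
    (3556, "176.65.139.67:80", 133), (3570, "176.65.139.67:80", 131),
    (3591, "176.65.139.67:80", 134),
    (3610, "8.8.8.8:53", None), (3610, "51.158.108.203:53", 27),
    (3610, "nordvm.cc:35342", 37),
]


def children():
    """Return [(pid, image, edge)] for the dropper's children, in graph order."""
    t = CHILDREN.split()
    return [(int(t[i]), IMAGES[t[i + 1]], EDGES[t[i + 2]]) for i in range(0, len(t), 3)]


def downloader_rounds():
    """Group the children into wget -> chmod -> run rounds.

    Each round is one fetched payload: wget writes it, chmod makes it
    executable, then the dropper either execve()s the file (/mnt/xdf) or
    clones a dash to run it. A wget with no chmod after it is a failed fetch.
    """
    rounds, cur = [], None
    for pid, image, edge in children():
        if image == IMAGES["wget"]:
            cur = {"wget": pid, "chmod": None, "run": None}
            rounds.append(cur)
        elif cur is not None and image == IMAGES["chmod"] and cur["chmod"] is None:
            cur["chmod"] = pid
        elif (cur is not None and cur["chmod"] is not None and cur["run"] is None
              and image not in (IMAGES["rm"], IMAGES["chmod"])):
            cur["run"] = (pid, image, edge)
    return rounds


def network_iocs():
    """Map each contacting image to {endpoint: bytes sent}."""
    image_of = {pid: image for pid, image, _ in children()}
    by_image = defaultdict(lambda: defaultdict(int))
    for pid, dst, nbytes in NET:
        by_image[image_of[pid]][dst] += nbytes or 0
    return {img: dict(d) for img, d in by_image.items()}


def summary():
    """The counts and endpoints a triage note would quote."""
    rounds = downloader_rounds()
    iocs = network_iocs()
    return {
        "fetches": len(rounds),
        "fetches_made_executable": sum(r["chmod"] is not None for r in rounds),
        "direct_execs_of_dropped_file": sum(
            1 for r in rounds if r["run"] and r["run"][1] == IMAGES["xdf"]),
        "download_server": sorted(iocs[IMAGES["wget"]]),
        "bytes_to_download_server": sum(iocs[IMAGES["wget"]].values()),
        "post_exec_endpoints": sorted(iocs[IMAGES["xdf"]]),
    }


if __name__ == "__main__":
    for key, value in summary().items():
        print(f"{key}: {value}")
```

Run as a script it prints the summary. Two things in it are worth pivoting on: every one of the 11 fetches goes to the same host on port 80, which is the usual shape of a multi-architecture loader trying one binary after another, and the DNS and nordvm.cc:35342 traffic is attributable only to /mnt/xdf, so it comes from the dropped payload rather than from the 417-byte script's own wget calls.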

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
sh 0fd1c492b37de5f252aa037dc2dbb2a148779e036f9cccdfab4d4b2825094717 (this sample)
Distributed via web download

Comments