MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: 12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d
SHA3-384 hash: 5d1cf093ee341e31fe1049a3885813e84261de1d42b36161b20663838be4866ddca1672719ac9a458e3622e1d0bb89b8
SHA1 hash: f29a208ca5ab2d3eb1e3580cd9d7d4600af650d6
MD5 hash: fecfb6091ccd380f6eeafb9d2f085008
humanhash: fillet-bulldog-fillet-lactose
File name: gpon
File size: 500 bytes
First seen: 2026-02-07 14:20:29 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 12:sjRf+XEC08ShjSr1q+3qQyFORQsqC6hCHWR3z8:cRf+XIYrckRQsm3z8
TLSH T161F0B4FD135E167E8A88412FD128DAF83F45A096C0826637316D51A20AAE60DAA01B58
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Verdict: Malicious
File Type: unix shell
First seen: 2026-02-07T11:26:00Z UTC
Last seen: 2026-02-08T02:05:00Z UTC
Hits: ~10
Detections: Trojan-Downloader.Shell.Agent.bi HEUR:Trojan-Downloader.Shell.Agent.p
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Win32.Trojan.MiraiB
Status: Malicious
First seen: 2026-02-07 14:14:17 UTC
File Type: Text (Shell)
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: antivm discovery linux
Behaviour
Reads runtime system information
Checks CPU configuration
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d (this sample)

Delivery method: Distributed via web download
