MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d
SHA3-384 hash:	5d1cf093ee341e31fe1049a3885813e84261de1d42b36161b20663838be4866ddca1672719ac9a458e3622e1d0bb89b8
SHA1 hash:	f29a208ca5ab2d3eb1e3580cd9d7d4600af650d6
MD5 hash:	fecfb6091ccd380f6eeafb9d2f085008
humanhash:	fillet-bulldog-fillet-lactose
File name:	gpon
Download:	download sample
File size:	500 bytes
First seen:	2026-02-07 14:20:29 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:sjRf+XEC08ShjSr1q+3qQyFORQsqC6hCHWR3z8:cRf+XIYrckRQsm3z8
TLSH	T161F0B4FD135E167E8A88412FD128DAF83F45A096C0826637316D51A20AAE60DAA01B58
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/69875163981ff1d38a4c5083/reports/336a09c6-4ead-432d-918e-19b090564744/overview

Verdict:

Malicious

Labled as:

Bash.MiraiB.Generic

Link:

https://www.hybrid-analysis.com/sample/12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d

Result

Gathering data

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/b423a588-3067-4284-a9e4-2772fefbbae4

Score:

67%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d

Threat name:

Script-Shell.Malware.MiraiB

Status:

Malicious

First seen:

2026-02-07 14:14:17 UTC

File Type:

Text (Shell)

AV detection:

4 of 36 (11.11%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=clz5eament4wpy7jcuztuh52vcs4hcoe43bdw4e5szee5tucba6q._file

Result

Malware family:

n/a

Score:

4/10

Tags:

antivm discovery linux

Link:

https://tria.ge/reports/260207-r789bacv5e/

Behaviour

Reads runtime system information

Checks CPU configuration

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 12f3d201846cf967e3e915333a1fbaa8a5c389c4e6c23b709d96484ece82083d

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3773872/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample