MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 16d3440fcc067823afc44dcbccea9fbbc2f8c68ae53b7aea45f9adff4c127086. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Prometei
Vendor detections: 3

SHA256 hash: 16d3440fcc067823afc44dcbccea9fbbc2f8c68ae53b7aea45f9adff4c127086
SHA3-384 hash: f29c11d2ab61d98e825a150ba1dc5c26270e576eeb297a58d0048b06e2365437891b0d16f2c15e483a0f9f000ba344de
SHA1 hash: 5f5513cc9d27869226e3114da5dc2ea469f0235f
MD5 hash: 46417df5ca3c26f4991cc10e7ee5dc1f
humanhash: carbon-violet-east-fish
File name: 16d3440fcc067823afc44dcbccea9fbbc2f8c68ae53b7aea45f9adff4c127086
Signature: Prometei
File size: 1'186 bytes
First seen: 2026-06-14 03:40:17 UTC
Last seen: 2026-06-14 18:55:16 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:4ud1jvF3dudpRduJinDSx1wyx1+u5C2uK6QuTzaH+2TQuTzuCI2m2p4nKTNXT5eK:4uddudpRduJiny1wO1+uA2uK6QuTu+2J
TLSH: T1CC21798EA761DA3424DDD914F7F14A3D6A72B2561C127812308731FCE5ED29033A8C76
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: c2hunter
Tags: Prometei sh wraith

Intelligence

File Origin
# of uploads: 4
# of downloads: 78
Origin country: US
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph (process tree reconstructed from the flattened graph; each line gives pid, image, the call that created the process, and any file-activity label the sandbox attached):
3419 /usr/bin/sudo
  3429 /tmp/sample.bin (execve)
    3432 /usr/bin/systemctl (execve)
    3440 /usr/bin/systemctl (execve)
    3444 /usr/bin/chattr (execve)
    3448 /usr/bin/chattr (execve)
    3450 /usr/bin/chattr (execve)
    3452 /usr/bin/chattr (execve)
    3456 /usr/bin/grep (execve) [write-file]
    3459 /usr/bin/mv (execve)
    3461 /usr/bin/chattr (execve)
    3463 /usr/bin/grep (execve) [write-file]
    3466 /usr/bin/mv (execve)
    3468 /usr/bin/chattr (execve)
    3470 /usr/bin/grep (execve) [write-file]
    3472 /usr/bin/mv (execve)
    3475 /usr/bin/chattr (execve)
    3477 /usr/bin/chattr (execve)
    3479 /usr/bin/grep (execve) [write-file]
    3482 /usr/bin/mv (execve)
    3484 /usr/bin/chattr (execve)
    3487 /usr/bin/chattr (execve)
    3489 /usr/bin/chattr (execve)
    3491 /usr/bin/grep (execve) [write-file]
    3493 /usr/bin/mv (execve)
    3495 /usr/bin/chattr (execve)
    3497 /usr/bin/grep (execve)
    3498 /usr/bin/mv (execve)
    3500 /usr/bin/bash (clone)
    3501 /usr/bin/bash (clone)
    3502 /usr/bin/grep (execve)
    3505 /usr/bin/find (execve)
      3507 /usr/bin/rm (execve) [delete-file]
    3510 /usr/bin/bash (clone)
    3511 /usr/bin/grep (execve)
    3514 /usr/bin/find (execve)
      3516 /usr/bin/rm (execve) [delete-file]
    3533 /usr/bin/bash (clone)
    3534 /usr/bin/grep (execve)
    3536 /usr/bin/find (execve)
    3539 /usr/bin/bash (clone)
    3540 /usr/bin/bash (clone)
    3541 /usr/bin/bash (clone)
    3543 /usr/bin/pgrep (execve)
    3549 /usr/bin/pgrep (execve)
    3558 /usr/bin/pgrep (execve)
Result
Malware family: n/a
Score: 6/10
Tags: discovery linux persistence
Behaviour:
  Enumerates kernel/hardware configuration
  Reads runtime system information
  Writes file to tmp directory
  Reads CPU attributes
  Attempts to change immutable files
  Enumerates running processes
  Write file to user bin folder
  Writes file to system bin folder
Please note that we are no longer able to provide a coverage score for Virus Total.
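The behaviour graph and behaviour list above are what an analyst actually works from, and the graph arrives as one flattened line. The following is an added example, not code from MalwareBazaar or from the sample: it parses that flattened node/edge text into a process tree, prints it, and derives coarse triage tags from the spawn sequence. Assumptions that are not taken from the page: the node and edge syntax is inferred from the rendered text, SAMPLE_GRAPH is an abbreviated, constructed transcription of the page's graph with shortened guuids, and the reading of "chattr, grep (write-file), mv, chattr" as rewriting a file that was protected with the immutable attribute is this example's interpretation of the sequence, not something the page states.

```python
"""Rebuild a flattened sandbox behaviour graph as a process tree and tag it.
Added example; node/edge syntax inferred from the rendered page text."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Node: "guuid=<id> pid=<n> </path/to/exe> [write-file|delete-file ...]"
NODE_RE = re.compile(r"guuid=\S+\s+pid=(\d+)\s+(/\S+)((?:\s+(?:write-file|delete-file))*)")
# Edge: "guuid=<parent> pid=<p>->guuid=<child> pid=<c> <execve|clone>"
EDGE_RE = re.compile(r"guuid=\S+\s+pid=(\d+)->guuid=\S+\s+pid=(\d+)\s+(execve|clone)")

# Constructed input: abbreviated transcription of the page's graph, guuids shortened.
SAMPLE_GRAPH = (
    "%3 guuid=a pid=3419 /usr/bin/sudo "
    "guuid=b pid=3429 /tmp/sample.bin guuid=a pid=3419->guuid=b pid=3429 execve "
    "guuid=c pid=3432 /usr/bin/systemctl guuid=b pid=3429->guuid=c pid=3432 execve "
    "guuid=f pid=3452 /usr/bin/chattr guuid=b pid=3429->guuid=f pid=3452 execve "
    "guuid=g pid=3456 /usr/bin/grep write-file guuid=b pid=3429->guuid=g pid=3456 execve "
    "guuid=h pid=3459 /usr/bin/mv guuid=b pid=3429->guuid=h pid=3459 execve "
    "guuid=i pid=3461 /usr/bin/chattr guuid=b pid=3429->guuid=i pid=3461 execve "
    "guuid=j pid=3463 /usr/bin/grep write-file guuid=b pid=3429->guuid=j pid=3463 execve "
    "guuid=k pid=3466 /usr/bin/mv guuid=b pid=3429->guuid=k pid=3466 execve "
    "guuid=l pid=3468 /usr/bin/chattr guuid=b pid=3429->guuid=l pid=3468 execve "
    "guuid=m pid=3500 /usr/bin/bash guuid=b pid=3429->guuid=m pid=3500 clone "
    "guuid=n pid=3505 /usr/bin/find guuid=b pid=3429->guuid=n pid=3505 execve "
    "guuid=o pid=3543 /usr/bin/pgrep guuid=b pid=3429->guuid=o pid=3543 execve "
    "guuid=p pid=3507 /usr/bin/rm delete-file guuid=n pid=3505->guuid=p pid=3507 execve"
)


@dataclass
class Proc:
    pid: int
    path: str
    labels: set = field(default_factory=set)
    children: list = field(default_factory=list)  # [(Proc, action)] in spawn order

    @property
    def name(self):
        return self.path.rsplit("/", 1)[-1]


def parse_graph(text):
    """Return {pid: Proc}; edges are wired in the order the graph lists them."""
    procs = {}
    for m in NODE_RE.finditer(text):
        pid, path, labels = int(m.group(1)), m.group(2), m.group(3).split()
        procs.setdefault(pid, Proc(pid, path)).labels.update(labels)
    for m in EDGE_RE.finditer(text):
        parent, child, action = int(m.group(1)), int(m.group(2)), m.group(3)
        procs[parent].children.append((procs[child], action))
    return procs


def roots(procs):
    """Processes that are nobody's child (the sandbox launcher, here sudo)."""
    child_pids = {c.pid for p in procs.values() for c, _ in p.children}
    return [p for p in procs.values() if p.pid not in child_pids]


def render(proc, action="", depth=0):
    """Indented, one line per process: pid, image, (action), [labels]."""
    line = "  " * depth + f"{proc.pid} {proc.path}"
    line += f" ({action})" if action else ""
    line += f" [{' '.join(sorted(proc.labels))}]" if proc.labels else ""
    return "\n".join([line] + [render(c, a, depth + 1) for c, a in proc.children])


def command_histogram(proc):
    """How many times proc spawned each command directly."""
    return Counter(c.name for c, _ in proc.children)


def immutable_rewrite_sequences(proc):
    """Count chattr, grep(write-file), mv, chattr runs among proc's children: the
    shape of `chattr -i f; grep ... > tmp; mv tmp f; chattr +i f` (interpretation)."""
    seq = [(c.name, "write-file" in c.labels) for c, _ in proc.children]
    want = [("chattr", None), ("grep", True), ("mv", None), ("chattr", None)]
    hits = 0
    for i in range(len(seq) - len(want) + 1):
        window = seq[i:i + len(want)]
        if all(n == wn and (wl is None or lbl == wl)
               for (n, lbl), (wn, wl) in zip(window, want)):
            hits += 1
    return hits


def find_then_delete(procs):
    """Count find processes that spawned an rm carrying a delete-file label."""
    return sum(1 for p in procs.values() if p.name == "find"
               for c, _ in p.children if c.name == "rm" and "delete-file" in c.labels)


def triage(procs):
    """Coarse behaviour tags (this example's own names) derived from the tree."""
    names = Counter(p.name for p in procs.values())
    tags = set()
    if names["chattr"]:
        tags.add("immutable-attribute-change")
    if any(immutable_rewrite_sequences(p) for p in procs.values()):
        tags.add("protected-file-rewrite")
    if names["systemctl"]:
        tags.add("service-control")
    if find_then_delete(procs):
        tags.add("find-and-delete")
    if names["pgrep"] or names["ps"]:
        tags.add("process-discovery")
    return sorted(tags)


if __name__ == "__main__":
    procs = parse_graph(SAMPLE_GRAPH)
    for root in roots(procs):
        print(render(root))
    print("spawned by the script:", dict(command_histogram(procs[3429])))
    print("tags:", triage(procs))
```

Run it against the full graph text from the page (pasted in place of SAMPLE_GRAPH) and the regexes cope with the line breaks the extraction inserted, because they match on `\s+`; the chattr/grep/mv windows are counted in spawn order, so a stray extra chattr between two runs does not hide the rewrite pattern.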

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments