MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 18a24f83e807479438dcab7a1804c51a00dafc1d526698a66e0640d1e5dd671a
SHA3-384 hash: bb6a865087537333f56507c46c2a28706cf8a535d10a1b9fb3243721d02627d8c2ca93b70a2714a4e5297d3ebf1957e0
SHA1 hash: 4fed54d88f919c675ee2f575f70698a8d3649287
MD5 hash: d761a6a7ae9f2254bd81ac234033a8b8
humanhash: florida-winner-delaware-romeo
File name: QGKJPg-gHR5Q43Kt6GATFGgDa_B1SZpimbgZA0eXdZxo.sh
File size: 17'592 bytes
First seen: 2026-03-21 12:58:32 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 384:tJRfIaEkaBSVQD8Pj/EnfjGgatHkBBIBtrrYIU2/2glBU46z++622JMwjaj/J:1fIadaYVQQPrEnfjVMx2gV/+N0+
TLSH: T109825B13EF222E726F6AE8B44ADF4AD59E2D474A14711CA8F01DE4E91F70970A0F50BD
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: JAMESWT_WT
Tags: scan-aquasecurtiy-org sh socketusercontent-com

Intelligence


File Origin
# of uploads: 1
# of downloads: 49
Origin country: IT
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph:
Threat name: Win32.Trojan.Multiverze
Status: Malicious
First seen: 2026-03-21 01:07:24 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 6/10
Tags: discovery linux
Behaviour
Reads runtime system information
Writes file to tmp directory
Reads CPU attributes
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments