MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 1974e109c61e2b781604b79854fa6471e1b1f02019814256d3bbbc07b002e53e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 7
| SHA256 hash: | 1974e109c61e2b781604b79854fa6471e1b1f02019814256d3bbbc07b002e53e |
|---|---|
| SHA3-384 hash: | 388dc450cfe737e0f4821be0e0f7ac0884ee0c420bd0a0d41bc35849163dbbc9b74cb34eef2934eea33fb56c08cfd9b3 |
| SHA1 hash: | 20e3a786a47f023466e6291781cd15cb1213d448 |
| MD5 hash: | c45751a661015470f253bca1b9a36e22 |
| humanhash: | autumn-massachusetts-aspen-robert |
| File name: | 4thepool_miner.sh |
| Download: | download sample |
| File size: | 23'408 bytes |
| First seen: | 2026-04-27 00:49:13 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/x-shellscript |
| ssdeep | 384:hOUS1SKKJW78zTxR0Q/+c7+F68gHdVf+0+0tSJyqeW1VTed0:wUS1SxJW78fJN7+F6thqyqeW1Jee |
| TLSH | T18DB2D822524536B6220E45B8D897A0402A67106B411C393CB6DEB7487F6CFAC73FF7B6 |
| TrID | 70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1) |
| Magika | shell |
| Reporter | |
| Tags: | sh |
Intelligence
File Origin
# of uploads :
1
# of downloads :
46
Origin country :
DEVendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
busybox coinminer miner virus
Verdict:
Adware
File Type:
unix shell
First seen:
2026-04-19T01:37:00Z UTC
Last seen:
2026-04-19T06:30:00Z UTC
Hits:
~10
Detections:
not-a-virus:HEUR:Downloader.Shell.Miner.a
Status:
terminated
Behavior Graph:
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Verdict:
Malicious
Threat:
Family.XMRIG
Threat name:
Linux.Trojan.Generic
Status:
Suspicious
First seen:
2026-04-19 06:31:03 UTC
File Type:
Text (Shell)
AV detection:
8 of 36 (22.22%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
7/10
Tags:
antivm defense_evasion discovery linux privilege_escalation
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Remote System Discovery
System Network Configuration Discovery
Checks CPU configuration
Reads CPU attributes
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Enumerates running processes
Writes DNS configuration
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 1974e109c61e2b781604b79854fa6471e1b1f02019814256d3bbbc07b002e53e
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.