MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 199b97e04e884a2c40bcf9882d29c793eaa2e636e738e6ba9d5ae617ac2d028c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 199b97e04e884a2c40bcf9882d29c793eaa2e636e738e6ba9d5ae617ac2d028c
SHA3-384 hash: 8773f8b4e19e5a359e99a03e2a49ca90858cb294d8b18b556ce7dd678d7aeb9e2528bfbbd39ac7f46df7ca08fedb9caa
SHA1 hash: aa92f765ad291620cb0a52ebc385ce472b29e9b8
MD5 hash: d04577c7d2fc9cf0bf673172487fb2eb
humanhash: golf-texas-bulldog-echo
File name: rshell.go
File size: 1'341 bytes
First seen: 2025-09-09 06:38:52 UTC
Last seen: Never
File type:
MIME type: text/x-c
ssdeep 24:noYQUL3oek8L3zL6L3hZa6jNDrcAEGDBi84FdSlFyFwnQQIJIdnVxL3jNDrCFVBq:nokYueWmV5p4FdkyFWImBn1ea
TLSH T14C210156EB3D04820D4AA41E7C21E9A0BB5CD50FAC1F45C6FA2C71AD97A90C9E4BC6C7
Magika go
Reporter abuse_ch
Tags: go

Intelligence


File Origin
# of uploads: 1
# of downloads: 35
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: masquerade
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2025-09-09 07:06:14 UTC
File Type: Text (Go)
AV detection: 6 of 38 (15.79%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

199b97e04e884a2c40bcf9882d29c793eaa2e636e738e6ba9d5ae617ac2d028c (this sample)

Delivery method: Distributed via web download
