MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c7dc921cf45fb255a9e7a0e0aec6ea30bfc5f2a3fe110c72ee00de7817f5913. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA 1 File information Comments

SHA256 hash: 1c7dc921cf45fb255a9e7a0e0aec6ea30bfc5f2a3fe110c72ee00de7817f5913
SHA3-384 hash: e40cca40bd43d884575eae8c9af55538b3bce4557c957a4cfdd4fa777def60ffaf0db3d41c21a9ba93d9c01c3f59ff46
SHA1 hash: 0164bd2a3ab78c66c37ac414f378d6c08d0253ce
MD5 hash: 2f706766dfec19de9a341724554e0eaf
humanhash: texas-nine-minnesota-mockingbird
File name:o.xml
Download: download sample
File size:712 bytes
First seen:2026-07-04 18:50:00 UTC
Last seen:2026-07-05 13:31:20 UTC
File type:
MIME type:text/plain
ssdeep 12:FH8ioNJAC7ukxGWi2jU30+0K5+A+QEjf+k2lkPxh4ZhG+E6:FH8j/wWi2jz8IfF2SZhq
TLSH T17B0149CE91A9CA4106B4C485F6B9D449D4914083E1F6ABC6F28E4D33EF6694E386320D
Magika xml
Reporter abuse_ch
Tags:xml

Intelligence


File Origin
# of uploads :
1'096
# of downloads :
0
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Gathering data
Threat name:
Script.Trojan.Heuristic
Status:
Malicious
First seen:
2026-07-05 08:01:00 UTC
File Type:
Text
AV detection:
6 of 36 (16.67%)
Threat level:
  2/5
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

1c7dc921cf45fb255a9e7a0e0aec6ea30bfc5f2a3fe110c72ee00de7817f5913

(this sample)

  
Delivery method
Distributed via web download

Comments