MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1e39f54ccf939e53af6693923f00e1ed7529915429b72cd1115c1ffee63d9c4e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1e39f54ccf939e53af6693923f00e1ed7529915429b72cd1115c1ffee63d9c4e
SHA3-384 hash: 2ca22099c58eee14f324189e5f3680083b6b782aba2e9fac872839331bf68705587b7a8ec54624503e265cdf7348bfb1
SHA1 hash: ddca191e7c47328e2ed6a146db9e6e9c1a4e0667
MD5 hash: 6814f3196156db817355ad74c71453e9
humanhash: avocado-xray-wyoming-orange
File name:w
Download: download sample
File size:1'203 bytes
First seen:2026-02-02 18:25:01 UTC
Last seen:Never
File type:unknown
MIME type:text/plain
ssdeep 24:6VHIlVo5e5FIooVo38IoLVo6NIyhIouVot4KKIoqCVAMDIAUV9ZhZ7I9GVHIMVHN:EHIHnIhfIMNId9RIOAMDIAqXICHIiHIO
TLSH T16821E0DB00B75AF74AD8DE007C651922EC29DFE3213CFA089A8305757E8C380A13BB59
Magika batch
Reporter abuse_ch

Intelligence

File Origin
# of uploads :
1
# of downloads :
34
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Labled as:
TrojanDownloader/Linux.Agent
Link:
https://www.hybrid-analysis.com/sample/1e39f54ccf939e53af6693923f00e1ed7529915429b72cd1115c1ffee63d9c4e
Result
Gathering data
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/1e39f54ccf939e53af6693923f00e1ed7529915429b72cd1115c1ffee63d9c4e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1e39f54ccf939e53af6693923f00e1ed7529915429b72cd1115c1ffee63d9c4e/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/1e39f54ccf939e53af6693923f00e1ed7529915429b72cd1115c1ffee63d9c4e
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=dy47ktgpsopfhl3gsojd6ahb5v2stekufg3szuirlqp75zr5trha._file
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

unknown 1e39f54ccf939e53af6693923f00e1ed7529915429b72cd1115c1ffee63d9c4e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3770827/
  
Delivery method
Distributed via web download

Comments