MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 29b2bc580820f3e172803f1f4be3590b0ebd53493cdfd5bc38cdfe3a19f0bdf0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 29b2bc580820f3e172803f1f4be3590b0ebd53493cdfd5bc38cdfe3a19f0bdf0
SHA3-384 hash: 19c555f3e10d660b80426c0e2fbf926ce94337e87e3d6aad8f5ff64606edfbe050581cec2bc5a422426d823460f39870
SHA1 hash: 3d6a374e669b56f510cf50f06f557b17e08abf05
MD5 hash: d329cc9d087b38585c0f1b1d465b047d
humanhash: finch-cola-cat-muppet
File name: clean
File size: 1'196 bytes
First seen: 2026-06-18 02:20:08 UTC
Last seen: 2026-06-19 03:13:46 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:4ud1jvF3dudpRduJinrGx1wyx1+u5C2uK6QuTzaH+2TQuTzuCXTlY27vFLlEb2mD:4uddudpRduJinrS1wO1+uA2uK6QuTu+L
TLSH: T15C21498D6721E53824DDD534B6F24E3C9E63B29A6C12B911348635ECE0EC65437ACC3A
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 62
Origin country: DE
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph (process tree rebuilt from the flattened graph; each child line gives pid, image, any file-activity flag, and the syscall that created it):
3947 /usr/bin/sudo
    3954 /tmp/sample.bin (execve)
        3956 /usr/bin/systemctl (execve)
        3969 /usr/bin/systemctl (execve)
        3976 /usr/bin/systemctl (execve)
        3983 /usr/bin/systemctl (execve)
        3987 /usr/bin/chattr (execve)
        3991 /usr/bin/chattr (execve)
        3995 /usr/bin/chattr (execve)
        3996 /usr/bin/chattr (execve)
        4000 /usr/bin/grep write-file (execve)
        4002 /usr/bin/mv (execve)
        4005 /usr/bin/chattr (execve)
        4007 /usr/bin/grep write-file (execve)
        4010 /usr/bin/mv (execve)
        4012 /usr/bin/chattr (execve)
        4013 /usr/bin/grep write-file (execve)
        4016 /usr/bin/mv (execve)
        4018 /usr/bin/chattr (execve)
        4020 /usr/bin/chattr (execve)
        4024 /usr/bin/grep write-file (execve)
        4028 /usr/bin/mv (execve)
        4031 /usr/bin/chattr (execve)
        4033 /usr/bin/chattr (execve)
        4035 /usr/bin/chattr (execve)
        4037 /usr/bin/grep write-file (execve)
        4040 /usr/bin/mv (execve)
        4042 /usr/bin/chattr (execve)
        4046 /usr/bin/grep (execve)
        4050 /usr/bin/mv (execve)
        4052 /usr/bin/bash (clone)
            4053 /usr/bin/bash (clone)
        4054 /usr/bin/bash (clone)
        4056 /usr/bin/grep (execve)
        4057 /usr/bin/bash (clone)
        4059 /usr/bin/bash (clone)
        4060 /usr/bin/bash (clone)
        4061 /usr/bin/grep (execve)
        4063 /usr/bin/find (execve)
            4066 /usr/bin/rm delete-file (execve)
        4068 /usr/bin/bash (clone)
        4069 /usr/bin/grep (execve)
        4071 /usr/bin/find (execve)
            4072 /usr/bin/rm delete-file (execve)
        4090 /usr/bin/bash (clone)
        4091 /usr/bin/grep (execve)
        4095 /usr/bin/find (execve)
        4097 /usr/bin/pgrep (execve)
        4112 /usr/bin/pgrep (execve)
Result
Malware family: n/a
Score: 6/10
Tags: discovery execution linux persistence privilege_escalation
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Reads CPU attributes
Attempts to change immutable files
Creates/modifies Cron job
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 29b2bc580820f3e172803f1f4be3590b0ebd53493cdfd5bc38cdfe3a19f0bdf0 (this sample)
Delivery method: Distributed via web download

Comments