MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2c751d1177672240cf619f700c37f83c40432fbca337f92fcbbee7ae457ee16d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 2c751d1177672240cf619f700c37f83c40432fbca337f92fcbbee7ae457ee16d
SHA3-384 hash: 44798ffe26777822682ba911922c1007c3ccf741a4d764c4f621757953302448696dfc9e2d36868f6b8349f98cababc2
SHA1 hash: 3b06f7e644077b68dc4bd72bb9ad553d19cf00cc
MD5 hash: f0670e0e39f570f128b32e4963dbb82a
humanhash: coffee-sad-spring-minnesota
File name:m
Download: download sample
File size:554 bytes
First seen:2026-03-01 20:02:34 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:MquhRnFxvhsIXmuH9B+S5MGAffHecx8OG1EcWUYHj6X:MfnnDh7XvMGcH/KHeD6X
TLSH T13CF0E1A514E13D102BFD5F0881904B1C80733B21F256BF5466E18BE95F5B4443219388
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://ext-checkdin.vercel.app/api/tokenln/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
96
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 bash lolbin obfuscated
Link:
https://www.filescan.io/uploads/69a53a6f91ad9169e5353240/reports/d5f5020b-f78b-4a49-aae5-652f0892e34f/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/2c751d1177672240cf619f700c37f83c40432fbca337f92fcbbee7ae457ee16d
Verdict:
Unknown
File Type:
text
Link:
https://opentip.kaspersky.com/2c751d1177672240cf619f700c37f83c40432fbca337f92fcbbee7ae457ee16d/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/1b7f808d-3744-4089-b4fe-15d9499e014f
Behavior Graph:
Download SVG
%3 guuid=2a87d9a7-1900-0000-7b53-3f5b9f090000 pid=2463 /usr/bin/sudo guuid=65b3b2a9-1900-0000-7b53-3f5ba5090000 pid=2469 /tmp/sample.bin guuid=2a87d9a7-1900-0000-7b53-3f5b9f090000 pid=2463->guuid=65b3b2a9-1900-0000-7b53-3f5ba5090000 pid=2469 execve guuid=bebdeaa9-1900-0000-7b53-3f5ba7090000 pid=2471 /usr/bin/mkdir guuid=65b3b2a9-1900-0000-7b53-3f5ba5090000 pid=2469->guuid=bebdeaa9-1900-0000-7b53-3f5ba7090000 pid=2471 execve guuid=d87c39aa-1900-0000-7b53-3f5ba9090000 pid=2473 /usr/bin/clear guuid=65b3b2a9-1900-0000-7b53-3f5ba5090000 pid=2469->guuid=d87c39aa-1900-0000-7b53-3f5ba9090000 pid=2473 execve
Score:
39%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/2c751d1177672240cf619f700c37f83c40432fbca337f92fcbbee7ae457ee16d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/2c751d1177672240cf619f700c37f83c40432fbca337f92fcbbee7ae457ee16d/
Threat name:
Script-Shell.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-03-01 20:22:37 UTC
File Type:
Text (Shell)
AV detection:
5 of 24 (20.83%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=fr2r2elxm4rebt3bt5yayn7yhraegl54um37sl6lx3t24rl64fwq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/2c751d1177672240cf619f700c37f83c40432fbca337f92fcbbee7ae457ee16d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 2c751d1177672240cf619f700c37f83c40432fbca337f92fcbbee7ae457ee16d

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3787692/
  
Delivery method
Distributed via web download

Comments