MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f0d467950e0d37e9f26aa75e039c2ddf967d5ce89867dc96cc0fc51793ea332. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	2f0d467950e0d37e9f26aa75e039c2ddf967d5ce89867dc96cc0fc51793ea332
SHA3-384 hash:	b683f13e9d7f41b72c034ad49b1e048dbed4e9affee279dcdab7abc190c6082549e6eac3732d29d0714a1a663f69f16e
SHA1 hash:	f2666c10833916a989d8483ee10130569a65178e
MD5 hash:	1545e05d20a0e3d37bc1d256b0c96a09
humanhash:	ack-nuts-emma-sweet
File name:	2f0d467950e0d37e9f26aa75e039c2ddf967d5ce89867dc96cc0fc51793ea332
Download:	download sample
File size:	387'276 bytes
First seen:	2026-05-15 06:49:10 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	3072:+HqqZt78mOq9UZiuTq69Hf5cgpJBPPgMJgZt9aVpNpOAaP+/u6b8iDahTwoBMy:+HqqD8iQTt5PgMSM3NpOAam/ah9
TLSH	T1B984950BA941D4220A96D13B5BB7F781EC15167BCEA1EEFDB24CB39D1F8A220D0641F5
TrID	50.0% (.) Unix-like shebang (var.1) (gen) (7000/1) 28.5% (.PL) Perl script (4000/1/1) 21.4% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	Hassan_Pouladi

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

No detections

Result

Gathering data

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/719b9e4e-1ae7-4f66-879e-bb9b489d23f9

Behavior Graph:

Download SVG

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/2f0d467950e0d37e9f26aa75e039c2ddf967d5ce89867dc96cc0fc51793ea332

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2f0d467950e0d37e9f26aa75e039c2ddf967d5ce89867dc96cc0fc51793ea332/

Verdict:

Clean

Link:

https://tip.neiki.dev/file/2f0d467950e0d37e9f26aa75e039c2ddf967d5ce89867dc96cc0fc51793ea332

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=f4gum6kq4djx5hzgvj26aooc3x4wpvoorgdh3slmyd6fc6j6umza._file

Result

Malware family:

n/a

Score:

6/10

Tags:

antivm discovery execution linux

Link:

https://tria.ge/reports/260515-hltr3afw9s/

Behaviour

Software Deployment Tools

Enumerates kernel/hardware configuration

Reads runtime system information

System Information Discovery

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

Reads CPU attributes

Checks hardware identifiers (DMI)

Enumerates running processes

Reads hardware information

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.05

Link:

https://yomi.yoroi.company/submissions/2f0d467950e0d37e9f26aa75e039c2ddf967d5ce89867dc96cc0fc51793ea332

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample