MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 356bb44f53395ece9799a89f4e62ddea6d6fde1f7704eef2b0b00b559bbefcc0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 356bb44f53395ece9799a89f4e62ddea6d6fde1f7704eef2b0b00b559bbefcc0
SHA3-384 hash: 2f0be16a5edbe2b68b92afd7e52c26fed1fd9041536dd2e37b208a3a2a0d34bf44f2d3809877cce82da5d37a7c679fd0
SHA1 hash: 7fed6a0eeadb3b04500bcf650df6eb0651a42b4d
MD5 hash: f13a5dbf4fce7b8d5dbf4925b0491129
humanhash: hotel-carpet-paris-five
File name: dl.sh
File size: 2'768 bytes
First seen: 2026-06-19 14:56:42 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:FLRIdlW+5P1MEH8snsf6SIhsRrPO2L8xAgFV5pAFVY8AFVIsoKFVZFVIlxAgFVXl:FLRULvskhsRrPO2LGWUiRe1ijL9iu
TLSH: T17E51FDD6F9E2283335AA082E7655A04DE68759330A1D7845B09DB430BF781BEF13A729
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: BlinkzSec

Intelligence


File Origin
# of uploads: 1
# of downloads: 46
Origin country: SE
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph:
Result
Malware family: n/a
Score: 4/10
Tags: antivm defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Deobfuscate/Decode Files or Information
Checks CPU configuration
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
