MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 37b9cf8e5db0c70ea36c63f6ca3bc0eaa5a15365153c30e4707759026d38ccb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 37b9cf8e5db0c70ea36c63f6ca3bc0eaa5a15365153c30e4707759026d38ccb6
SHA3-384 hash: 5e1f51eada91435fe9d8f582d2fbc35fe9d779132323362c008ee51c54ee8554be7f30690bb4a1d3f00c61dda578dd0e
SHA1 hash: 2569138575f47d69eef7af5ba425419352dfb285
MD5 hash: 332ab71873c8884e98d1cd7f606851c6
humanhash: venus-maine-south-kitten
File name:l
Download: download sample
File size:609 bytes
First seen:2026-02-28 19:45:52 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:8q0HsOt1VvhsSsXG+nsqz4jGOXtlp8kYV0VyVIVs6X:8RHsOt1xhYXoqz4jGimJmYCS6X
TLSH T1D1F0DD02EA022E9053308D0E83E23B5A436003F1F45D3E6982E58DEA0FAD8823557EF0
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://ext-checkdin.vercel.app/api/tokenln/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
108
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 bash lolbin obfuscated
Link:
https://www.filescan.io/uploads/69a3edd5d967dbda74ef7bed/reports/b728038b-b11b-4e53-badb-ab8eb1eb2c62/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/37b9cf8e5db0c70ea36c63f6ca3bc0eaa5a15365153c30e4707759026d38ccb6
Verdict:
Unknown
File Type:
unix shell
Link:
https://opentip.kaspersky.com/37b9cf8e5db0c70ea36c63f6ca3bc0eaa5a15365153c30e4707759026d38ccb6/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/42093fde-3330-4016-9201-ad830cc4ae00
Behavior Graph:
Download SVG
%3 guuid=c28549bc-1b00-0000-4db9-a06034080000 pid=2100 /usr/bin/sudo guuid=f99862bf-1b00-0000-4db9-a0603b080000 pid=2107 /tmp/sample.bin guuid=c28549bc-1b00-0000-4db9-a06034080000 pid=2100->guuid=f99862bf-1b00-0000-4db9-a0603b080000 pid=2107 execve guuid=c02ae6bf-1b00-0000-4db9-a0603d080000 pid=2109 /usr/bin/clear guuid=f99862bf-1b00-0000-4db9-a0603b080000 pid=2107->guuid=c02ae6bf-1b00-0000-4db9-a0603d080000 pid=2109 execve
Score:
34%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/37b9cf8e5db0c70ea36c63f6ca3bc0eaa5a15365153c30e4707759026d38ccb6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/37b9cf8e5db0c70ea36c63f6ca3bc0eaa5a15365153c30e4707759026d38ccb6/
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-28 20:11:27 UTC
File Type:
Text (Shell)
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=g6447ds5wddq5i3mmp3muo6a5ks2cu3fcu6dbzdqo5mqe3jyzs3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/37b9cf8e5db0c70ea36c63f6ca3bc0eaa5a15365153c30e4707759026d38ccb6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 37b9cf8e5db0c70ea36c63f6ca3bc0eaa5a15365153c30e4707759026d38ccb6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3787694/
  
Delivery method
Distributed via web download

Comments