MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 48368be04445e66954f72073e04dae6f2b71f436c2b128e5158f53ccf6fa9935. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Sliver


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 48368be04445e66954f72073e04dae6f2b71f436c2b128e5158f53ccf6fa9935
SHA3-384 hash: c4676ba876f0c6c6f0561689d6f7a347d4e96e1e1c27cc08c86bf79f2256a1efd60d00a16ae57926ea195a267d043c28
SHA1 hash: 7a132159906a40dbc1f0c89f69df82a7d54eee62
MD5 hash: f4b97fdfff5d7bfc39fa01bca8d387a8
humanhash: nine-nineteen-chicken-orange
File name:script2
Download: download sample
Signature Sliver
Create hunting rule
File size:526 bytes
First seen:2025-08-24 19:56:19 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 6:zBkRCXnyVVKOLMGBkRW5FwBkR07BkRK53z0wyVVKoFH4pcpmZBf+VFNaeMFIxFwK:tYJLMwYWv6Y01YaYB1uBHeMFIL
TLSH T15AF08BC5AC28DCB13C644C122A39EE04B4C6B8FAAC0DF700C4D4AE90B0693DA3008ED9
Magika shell
Reporter abuse_ch
Tags:sh sliver
URLMalware sample (SHA256 hash)SignatureTags
http://181.223.9.36:9000/script2n/an/ash Sliver ua-wget
http://181.223.9.36:9000/linuxcd757c1ef9cc99018ea1ef52e85208264c2f1724470027ceabd2eabde30b7f70 SliverSliver ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
366
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/68ab6e7d2a70220b68d8ed86/reports/fbcf912a-4900-4a2b-af7f-ab92761fbd17/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-08-24T14:14:00Z UTC
Last seen:
2025-08-24T14:14:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/48368be04445e66954f72073e04dae6f2b71f436c2b128e5158f53ccf6fa9935/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/2aee05b3-df4b-4363-be4f-a602bb5c5104
Behavior Graph:
Download SVG
%3 guuid=607a6528-1a00-0000-8e8b-d2b98c0a0000 pid=2700 /usr/bin/sudo guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707 /tmp/sample.bin guuid=607a6528-1a00-0000-8e8b-d2b98c0a0000 pid=2700->guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707 execve guuid=aad7892a-1a00-0000-8e8b-d2b9960a0000 pid=2710 /usr/bin/wget guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707->guuid=aad7892a-1a00-0000-8e8b-d2b9960a0000 pid=2710 execve guuid=bca2172d-1a00-0000-8e8b-d2b99e0a0000 pid=2718 /usr/bin/chmod guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707->guuid=bca2172d-1a00-0000-8e8b-d2b99e0a0000 pid=2718 execve guuid=38766b2d-1a00-0000-8e8b-d2b9a00a0000 pid=2720 /usr/bin/chattr guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707->guuid=38766b2d-1a00-0000-8e8b-d2b9a00a0000 pid=2720 execve guuid=e5f3082e-1a00-0000-8e8b-d2b9a30a0000 pid=2723 /usr/bin/wget net send-data write-file guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707->guuid=e5f3082e-1a00-0000-8e8b-d2b9a30a0000 pid=2723 execve guuid=0f4c91d0-1b00-0000-8e8b-d2b9cc0c0000 pid=3276 /usr/bin/chmod guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707->guuid=0f4c91d0-1b00-0000-8e8b-d2b9cc0c0000 pid=3276 execve guuid=cfcce8d0-1b00-0000-8e8b-d2b9cd0c0000 pid=3277 /usr/bin/chattr guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707->guuid=cfcce8d0-1b00-0000-8e8b-d2b9cd0c0000 pid=3277 execve guuid=9e68edd6-1b00-0000-8e8b-d2b9d80c0000 pid=3288 /usr/bin/bash guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707->guuid=9e68edd6-1b00-0000-8e8b-d2b9d80c0000 pid=3288 clone guuid=ee4d42dc-1b00-0000-8e8b-d2b9e60c0000 pid=3302 /usr/bin/bash guuid=1f44002a-1a00-0000-8e8b-d2b9930a0000 pid=2707->guuid=ee4d42dc-1b00-0000-8e8b-d2b9e60c0000 pid=3302 clone 46f33d1e-3df6-59cc-8ee2-420cdf0e55d8 181.223.9.36:9000 guuid=e5f3082e-1a00-0000-8e8b-d2b9a30a0000 pid=2723->46f33d1e-3df6-59cc-8ee2-420cdf0e55d8 send: 137B guuid=a00509d7-1b00-0000-8e8b-d2b9d90c0000 pid=3289 /usr/bin/ps guuid=9e68edd6-1b00-0000-8e8b-d2b9d80c0000 pid=3288->guuid=a00509d7-1b00-0000-8e8b-d2b9d90c0000 pid=3289 execve guuid=59f817d7-1b00-0000-8e8b-d2b9da0c0000 pid=3290 /usr/bin/grep guuid=9e68edd6-1b00-0000-8e8b-d2b9d80c0000 pid=3288->guuid=59f817d7-1b00-0000-8e8b-d2b9da0c0000 pid=3290 execve guuid=f0b124d7-1b00-0000-8e8b-d2b9db0c0000 pid=3291 /usr/bin/wc guuid=9e68edd6-1b00-0000-8e8b-d2b9d80c0000 pid=3288->guuid=f0b124d7-1b00-0000-8e8b-d2b9db0c0000 pid=3291 execve guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3303 /usr/bin/linux net guuid=ee4d42dc-1b00-0000-8e8b-d2b9e60c0000 pid=3302->guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3303 execve a540b5d0-f675-57c0-ba6c-cf458cc16c93 181.223.9.36:8888 guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3303->a540b5d0-f675-57c0-ba6c-cf458cc16c93 con guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3311 /usr/bin/linux guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3303->guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3311 clone guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3312 /usr/bin/linux guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3303->guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3312 clone guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3313 /usr/bin/linux guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3303->guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3313 clone guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3314 /usr/bin/linux guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3303->guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3314 clone guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3315 /usr/bin/linux send-data guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3303->guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3315 clone guuid=71a556dc-1b00-0000-8e8b-d2b9e70c0000 pid=3315->a540b5d0-f675-57c0-ba6c-cf458cc16c93 send: 1208B
Score:
20%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/48368be04445e66954f72073e04dae6f2b71f436c2b128e5158f53ccf6fa9935
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/48368be04445e66954f72073e04dae6f2b71f436c2b128e5158f53ccf6fa9935/
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-08-24 18:07:44 UTC
File Type:
Text (Shell)
AV detection:
4 of 38 (10.53%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ja3ixyceixtgsvhxebz6atnon4vxd5bwykysrzivr5j4z5x2te2q._file
Result
Malware family:
sliver
Create hunting rule
Score:
  10/10
Tags:
family:sliver backdoor defense_evasion discovery execution linux persistence privilege_escalation trojan
Link:
https://tria.ge/reports/250824-yn248ax1cz/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Reads CPU attributes
Creates/modifies Cron job
Enumerates running processes
Write file to user bin folder
File and Directory Permissions Modification
Executes dropped EXE
Sliver RAT v2
Sliver family
SliverRAT
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.16
Link:
https://yomi.yoroi.company/submissions/48368be04445e66954f72073e04dae6f2b71f436c2b128e5158f53ccf6fa9935

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Sliver

sh 48368be04445e66954f72073e04dae6f2b71f436c2b128e5158f53ccf6fa9935

(this sample)

elf a62be453d1c56ee06ffec886288a1a6ce5bf1af7be8554c883af6c1b634764d0

  
URLhaus
https://urlhaus.abuse.ch/url/3610037/
  
Delivery method
Distributed via web download
  
Dropping
MD5 99374e1c1dd503c344681fac28caa37e
  
Dropping
SHA256 a62be453d1c56ee06ffec886288a1a6ce5bf1af7be8554c883af6c1b634764d0

Comments