MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4bbbe5e8fbfb58e8bdc5d2275b61ebae9cedd6ba0bf6f35d3db63426312482a2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 2

Intelligence 2 IOCs YARA File information Comments

SHA256 hash:	4bbbe5e8fbfb58e8bdc5d2275b61ebae9cedd6ba0bf6f35d3db63426312482a2
SHA3-384 hash:	39a21615446bceb60e08e14ad951088b42f8b1bd13af1c8df443650217280aad0e5181e70b9cb54a09e2419c96b3a13f
SHA1 hash:	0d91c49549c4e9ccc70d1b97196f59eff7003da6
MD5 hash:	d3d363c1a41a6e5905c94dd93ce3f3ee
humanhash:	fourteen-west-foxtrot-paris
File name:	test22.sh
Download:	download sample
File size:	3'650 bytes
First seen:	2025-07-16 02:45:06 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:vL/5miMT3vKybWgRHZ+d/T4pKhnShcAanliDz+yQhK44T7D02K42cgMQzd/uAE:1mi7om7ZhnShcAal1yv7D1K42crAVE
TLSH	T171712116388092BD111AC4B4A2CA94553A04C11B0B483E3C7AEED4361F757F4B7FA7E6
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/7c730d71-fb44-4259-9961-1c26c3cf0326

Behavior Graph:

Download SVG

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/4bbbe5e8fbfb58e8bdc5d2275b61ebae9cedd6ba0bf6f35d3db63426312482a2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4bbbe5e8fbfb58e8bdc5d2275b61ebae9cedd6ba0bf6f35d3db63426312482a2/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jo56l2h37nmorpof2itvwyplv2oo3vv2bp3pgxj5wy2cmmjeqkra._file

Result

Malware family:

n/a

Score:

7/10

Tags:

antivm credential_access defense_evasion discovery execution linux privilege_escalation

Link:

https://tria.ge/reports/250716-c849eshn5y/

Behaviour

Software Deployment Tools

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Deobfuscate/Decode Files or Information

Changes its process name

Checks CPU configuration

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Legitimate hosting services abused for malware hosting/C2

Reads Bash history

File and Directory Permissions Modification

Executes dropped EXE

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Suspicious File

Score:

0.31

Link:

https://yomi.yoroi.company/submissions/4bbbe5e8fbfb58e8bdc5d2275b61ebae9cedd6ba0bf6f35d3db63426312482a2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 4bbbe5e8fbfb58e8bdc5d2275b61ebae9cedd6ba0bf6f35d3db63426312482a2

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3584188/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample