MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5071bccbf4febcda396f6c588f9ff03155225300a6286a1b9700bcfa547d6e7c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6

SHA256 hash: 5071bccbf4febcda396f6c588f9ff03155225300a6286a1b9700bcfa547d6e7c
SHA3-384 hash: f9db9f636c46d7db844c3176128b5ad2a4d0bd3ab615067a08020de0b8c2589afa14985003e89e6eb56c98a8277a77c3
SHA1 hash: f9c4f5c49737c84b35dcc2ddcb09bad1829fba57
MD5 hash: 9d62c5b8b6fcced04421e77138992ee6
humanhash: edward-princess-tennessee-vegan
File name: 5071bccbf4febcda396f6c588f9ff03155225300a6286a1b9700bcfa547d6e7c.sh
File size: 743 bytes
First seen: 2026-04-01 18:04:03 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:SPh897dG3BCFrCR5VZFHYfDlKpFeixnLQmT/adGXhG1ugykYP9RcADB73O9y:1xdGxCFmX1EDlgNjTidGXhGIBFVR989y
TLSH: T11C0110FE743234B26F4385EA9D5350D60976D36F0BD06DAC2CE58B3414AE050A12222E
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: JAMESWT_WT
Tags: datasphere-us-com sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 60
Origin country: IT
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: evasive stealer

Verdict: Malicious
File Type: unix shell
First seen: 2026-03-26T14:30:00Z UTC
Last seen: 2026-03-26T20:40:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.dv, not-a-virus:HEUR:Downloader.OSX.Agent.ad
Status: terminated
Behavior Graph: (process graph rendered on the original page; its node labels show /usr/bin/sudo launching /tmp/sample.bin, which spawns /usr/bin/bash, /usr/bin/hostname, /usr/bin/mawk, /usr/bin/sed and /usr/bin/curl, with curl sending data to api.ipify.org:443 and issuing DNS queries to 10.0.2.3:53)

Threat name: MacOS.Trojan.SuspMalScript
Status: Malicious
First seen: 2026-03-26 21:56:28 UTC
File Type: Text (Shell)
AV detection: 12 of 36 (33.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: antivm discovery linux
Behaviour:
  Reads runtime system information
  System Network Configuration Discovery
  Checks CPU configuration
  Looks up external IP address via web service
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments