MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea |
|---|---|
| SHA3-384 hash: | adb06e7105e9ad6920ecf3aab99e0beca702da7ab5cf638a89374e4a3e17694d444534c7202bac6437ef9920a1c9800b |
| SHA1 hash: | 2f4f02e1abe7f3228030db8a2716c21f7aa15e33 |
| MD5 hash: | fe604f80dbdb7960142d71365ec49ace |
| humanhash: | emma-winner-oregon-vegan |
| File name: | x |
| Download: | download sample |
| File size: | 26'059 bytes |
| First seen: | 2026-06-29 00:42:56 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/x-shellscript |
| ssdeep | 384:NVVud3s1yu7isjsKG6qkSgjkjV/A4UAcGM3JNRhQuW57:VQsylUMkSgjkjVdUAcR3JN34 |
| TLSH | T150C2F0F1F8ECA436369D453ABB9CA805A9CF7C2F4DAB7D2014575938421CB1DA019B3E |
| TrID | 70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1) |
| Magika | shell |
| Reporter | |
| Tags: | sh |
Intelligence
File Origin
# of uploads :
1
# of downloads :
54
Origin country :
DEVendor Threat Intelligence
No detections
Gathering data
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
base64 bash downloader evasive lolbin obfuscated obfuscated
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-06-28T21:49:00Z UTC
Last seen:
2026-06-28T21:49:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.bc
Status:
Failed
Score:
87%
Verdict:
Malware
File Type:
SCRIPT
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Threat name:
Script-BAT.Trojan.Heuristic
Status:
Malicious
First seen:
2026-06-29 00:43:33 UTC
File Type:
Text (Shell)
AV detection:
8 of 36 (22.22%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
8/10
Tags:
credential_access defense_evasion discovery execution linux persistence privilege_escalation
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Deobfuscate/Decode Files or Information
Creates .desktop file
Modifies Bash startup script
Adds a user to the system
Creates/modifies Cron job
Creates/modifies environment variables
Deletes log files
Enumerates running processes
Modifies rc script
Deletes Audit logs
Deletes system logs
OS Credential Dumping
Modifies password files for system users/ groups
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.26
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.