MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea
SHA3-384 hash: adb06e7105e9ad6920ecf3aab99e0beca702da7ab5cf638a89374e4a3e17694d444534c7202bac6437ef9920a1c9800b
SHA1 hash: 2f4f02e1abe7f3228030db8a2716c21f7aa15e33
MD5 hash: fe604f80dbdb7960142d71365ec49ace
humanhash: emma-winner-oregon-vegan
File name:x
Download: download sample
File size:26'059 bytes
First seen:2026-06-29 00:42:56 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 384:NVVud3s1yu7isjsKG6qkSgjkjV/A4UAcGM3JNRhQuW57:VQsylUMkSgjkjVdUAcR3JN34
TLSH T150C2F0F1F8ECA436369D453ABB9CA805A9CF7C2F4DAB7D2014575938421CB1DA019B3E
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh

Intelligence

File Origin
# of uploads :
1
# of downloads :
54
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Gathering data
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 bash downloader evasive lolbin obfuscated obfuscated
Link:
https://www.filescan.io/uploads/6a41bfad51b1bc2689948c33/reports/6463b7d4-463f-40d9-8eeb-6dd6684bb240/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-06-28T21:49:00Z UTC
Last seen:
2026-06-28T21:49:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.bc
Link:
https://opentip.kaspersky.com/56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea/results?tab=lookup
Score:
87%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea
Threat name:
Script-BAT.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-06-29 00:43:33 UTC
File Type:
Text (Shell)
AV detection:
8 of 36 (22.22%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kzuw7d4rwx7tujumrzmxifvtlle2jzi5d7dlmxlwc2ct7r6m2hva._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
credential_access defense_evasion discovery execution linux persistence privilege_escalation
Link:
https://tria.ge/reports/260629-a26gssax6r/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Deobfuscate/Decode Files or Information
Creates .desktop file
Modifies Bash startup script
Adds a user to the system
Creates/modifies Cron job
Creates/modifies environment variables
Deletes log files
Enumerates running processes
Modifies rc script
Deletes Audit logs
Deletes system logs
OS Credential Dumping
Modifies password files for system users/ groups
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.26
Link:
https://yomi.yoroi.company/submissions/56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 56696f8f91b5ff3a268c8e597416b35ac9a4e51d1fc6b65d7616853fc7ccd1ea

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3813596/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3813653/

Comments