MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 56da8e576255b19490b476a2b0b5a09985898222abb964d9d6294a0653c49a39. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 56da8e576255b19490b476a2b0b5a09985898222abb964d9d6294a0653c49a39
SHA3-384 hash: 6b1d6bf81b36a4f5aadaef1d78fc1affbcdec07e9d42704b2e5f69d6e27fd55071717526c2f35d8f279242767b63b977
SHA1 hash: eedf449b151200830fd25b6847e0cbd8a6f840a3
MD5 hash: 21ad955579a3e107f6f853fd7ae2b226
humanhash: five-social-alaska-may
File name: l
File size: 463 bytes
First seen: 2025-07-06 05:45:13 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:oWLgewmKWLBmMSXJREmMSt7YJREmMSUUsv:oWLgfDWLLMqWuqj
TLSH: T1E0F054F10D0C7470F1D5A475B5379B5A64DF40C35C110D19DC78D2F65CD4E249990E90
Magika: shell
Reporter: abuse_ch
Tags: sh
IOCs

URL | Malware sample (SHA256 hash) | Signature | Tags
http://185.109.21.93/lmipsn/an/aelf | - | - | ua-wget
http://185.109.21.93/lmpsln/an/aelf | - | - | ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 15
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior graph (process tree, execve edges):
  pid 3506 /usr/bin/sudo
    -> pid 3508 /tmp/sample.bin
      -> pid 3510 /usr/bin/wget (net, send-data; sends 133B to 185.109.21.93:80)
      -> pid 3526 /usr/bin/chmod
      -> pid 3527 /tmp/msps
      -> pid 3529 /usr/bin/wget (net, send-data; sends 133B to 185.109.21.93:80)
      -> pid 3534 /usr/bin/chmod
      -> pid 3536 /tmp/mssl
      -> pid 3542 /usr/sbin/xtables-nft-multi
      -> pid 3572 /usr/sbin/xtables-nft-multi
      -> pid 3594 /usr/sbin/xtables-nft-multi
      -> pid 3617 /usr/sbin/xtables-nft-multi
Network endpoint: 185.109.21.93:80
Threat name: Text.Browser.Generic
Status: Suspicious
First seen: 2025-06-28 13:19:28 UTC
File Type: Text (Shell)
AV detection: 2 of 38 (5.26%)
Threat level: 4/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  sh 56da8e576255b19490b476a2b0b5a09985898222abb964d9d6294a0653c49a39 (this sample)

Delivery method: Distributed via web download

Comments