MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 576c7ec626df5317c75eccb70885cb14ff73e29e6b85e30a234f7cffebed784b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 576c7ec626df5317c75eccb70885cb14ff73e29e6b85e30a234f7cffebed784b
SHA3-384 hash: 112e3d342dcfcb2aec9d9103fa979eb61d7b88dd88a6bc49cfec30b1b755bbacb9fbe8e77387be02980e993cfadeb5a8
SHA1 hash: 9cc503239aa585f684a80fc1da1e1fdab5f70f84
MD5 hash: 650378a2e1c16d9772fc6bbbd3b65205
humanhash: emma-pizza-winter-ten
File name: ds.sh
File size: 2'489 bytes
First seen: 2026-02-08 19:35:42 UTC
Last seen: 2026-02-09 06:31:30 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:jUrmNBL6DGmI/23v1WoIpne4Ipd/fHAvMgX4yLJ1c7PX/fVcHEzVc2:jUryL6DNIuNz4WAEdM1c7GHb2
TLSH: T1D45112B5D6A2CAB4CE8CA1370AC971116039501B0A069AA93D5F69B37F7C9B403F574F
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
No detections
Result
Gathering data
Status: terminated
Behavior Graph:
Result
Malware family: n/a
Score: 3/10
Tags: discovery, linux
Behaviour
Reads runtime system information
Writes file to tmp directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 576c7ec626df5317c75eccb70885cb14ff73e29e6b85e30a234f7cffebed784b (this sample)

Delivery method: Distributed via web download
