MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 59d52bc0555e77b9fa897d5a4d87d61a78e03ff3dc55cb966946997782bd7fee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 59d52bc0555e77b9fa897d5a4d87d61a78e03ff3dc55cb966946997782bd7fee
SHA3-384 hash: 6f73fdb85ed0f401e4ed0223db1a082bd8307c00291b27013b1aee48359b30d45314922913b5ac07aa5a52ce358ffb46
SHA1 hash: 0b429dfc3f7e13cac5dd9de1d7eb51a8d1826257
MD5 hash: 8d0999cdfa86946343f89eced37b2a98
humanhash: ohio-gee-magnesium-kansas
File name: clean
Download: download sample
File size: 943 bytes
First seen: 2026-06-13 22:47:52 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 24:4ud1jvF3dudpRduJinDSx1wyx1+u5C2uK6QuTzaH+2TQuTzuCI2m2p4nKTNXK:4uddudpRduJiny1wO1+uA2uK6QuTu+2I
TLSH T1E7119C8E6721D63425DDD524BBF24F3C6E72A3852C126806308B30FCE0EC69037A8C36
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 73
Origin country: DE
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph:
Result
Malware family: n/a
Score: 6/10
Tags: discovery, linux
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Attempts to change immutable files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 59d52bc0555e77b9fa897d5a4d87d61a78e03ff3dc55cb966946997782bd7fee (this sample)

Delivery method
Distributed via web download
