MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c0bd85c53739eb4cef69bd887027e1b6bc008bbef34a794caece296615e7c27. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5c0bd85c53739eb4cef69bd887027e1b6bc008bbef34a794caece296615e7c27
SHA3-384 hash: 17d39ceafc9db03de074bcab69105ff3a2a552bd86a9632007495ae36d171b7c3a4118268509810ba2f8827a1722b1e7
SHA1 hash: 052d9190344c7f097ab093cb5ae4468e271db700
MD5 hash: 43e9c51d0d929a77648561e6bf7691eb
humanhash: tango-nine-virginia-early
File name:shk
Download: download sample
File size:589 bytes
First seen:2025-10-02 05:14:34 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 12:Ze1uEYVF0ghsQHFBd8ghzYuTyisJFz5ghswpFBd8gh0ghmMTh4WYO80:ZeMxVKZQlBWluoLz5ZwrBW7z6udG
TLSH T18BF0468E7D80407B3035C8607AF70875F90F93991E8721ADA7EE620BF9E8C927000673
Magika shell
Reporter abuse_ch
Tags:sh

Intelligence

File Origin
# of uploads :
1
# of downloads :
45
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Labled as:
Trojan[Downloader]/Shell.Agent
Link:
https://www.hybrid-analysis.com/sample/5c0bd85c53739eb4cef69bd887027e1b6bc008bbef34a794caece296615e7c27
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-10-02T03:37:00Z UTC
Last seen:
2025-10-03T01:00:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/5c0bd85c53739eb4cef69bd887027e1b6bc008bbef34a794caece296615e7c27/results?tab=lookup
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/5c0bd85c53739eb4cef69bd887027e1b6bc008bbef34a794caece296615e7c27
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5c0bd85c53739eb4cef69bd887027e1b6bc008bbef34a794caece296615e7c27/
Threat name:
Linux.Downloader.SAgnt
Create hunting rule
Status:
Malicious
First seen:
2025-10-02 05:26:32 UTC
File Type:
Text (Shell)
AV detection:
11 of 36 (30.56%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lqf5qxctoopljtxwtpmioat6dnv4acf3542kpfgk5trjmyk6pqtq._file
Result
Malware family:
n/a
Score:
  9/10
Tags:
credential_access defense_evasion discovery execution linux persistence privilege_escalation
Link:
https://tria.ge/reports/251002-f44nwaxwhs/
Behaviour
Reads runtime system information
Writes file to tmp directory
Changes its process name
Reads process memory
Creates/modifies Cron job
Enumerates running processes
Modifies init.d
Modifies rc script
File and Directory Permissions Modification
Executes dropped EXE
Contacts a large (180187) amount of remote hosts
Creates a large amount of network flows
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/5c0bd85c53739eb4cef69bd887027e1b6bc008bbef34a794caece296615e7c27

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 5c0bd85c53739eb4cef69bd887027e1b6bc008bbef34a794caece296615e7c27

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3620246/
  
Delivery method
Distributed via web download

Comments