MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 694447b18338e6dc074603a1a149e4e470fefc78fd4bed3cd99e965df0cb44a8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 694447b18338e6dc074603a1a149e4e470fefc78fd4bed3cd99e965df0cb44a8
SHA3-384 hash: 504909fe999310954412fb13ca103aed6ea9fa689e5ba9f38bd0e4f8563e55c1f48719bd9913fbc15be8a6d80d104a4b
SHA1 hash: 14291bd116a89a6fda15a8e0f9d74e3026dfae02
MD5 hash: 240e98f8fb7d5d41022f66dd5adb994d
humanhash: harry-asparagus-july-hawaii
File name: 694447b18338e6dc074603a1a149e4e470fefc78fd4bed3cd99e965df0cb44a8
File size: 2'196 bytes
First seen: 2026-01-04 22:06:42 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:Cr6Tr6A0aoLp+LIKEBIsCiC/pC5ZybyJTT4G+XC:Cr8rhoLpPJCakyJTTh+S
TLSH: T1CD41FAEBC0F2207578A0201D07CE504AD4C31E8A7EA454DC7DBC99248B7E168EB75EF4
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: l0psec
Tags: DPRK script sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: US
Vendor Threat Intelligence

No detections

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Verdict: Malicious
File Type: unix shell
First seen: 2025-11-22T01:43:00Z UTC
Last seen: 2026-01-04T21:44:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.OSX.Agent.au

Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 2953) -> execve -> /tmp/sample.bin (pid 2958)
/tmp/sample.bin (pid 2958) -> execve -> /usr/bin/uname (pid 2959)
/tmp/sample.bin (pid 2958) -> execve -> /usr/bin/mkdir (pid 2960)
/tmp/sample.bin (pid 2958) -> execve -> /usr/bin/curl (pid 2962) [net]
/usr/bin/curl (pid 2962) -> con -> patch.levinpros.com:443
/usr/bin/curl (pid 2962) -> clone -> /usr/bin/curl (pid 2976) [dns, net, send-data]
/usr/bin/curl (pid 2976) -> send: 74B -> 10.0.2.3:53

Verdict: Malicious
Threat: Trojan-Downloader.OSX.Agent
Threat name: MacOS.Trojan.Generic
Status: Suspicious
First seen: 2025-11-21 15:53:38 UTC
File Type: Text (Shell)
AV detection: 9 of 36 (25.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery linux
Behaviour: Reads runtime system information; System Network Configuration Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments