MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6b94e16e486df4ae0960c0cf0ce0e0425a5b9a4b98ea18503468d4cdde93409e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 6

SHA256 hash: 6b94e16e486df4ae0960c0cf0ce0e0425a5b9a4b98ea18503468d4cdde93409e
SHA3-384 hash: 3a1cd20c70ed7f9a60311ad61b131f0f16201426afe3ab17b607099647363ae1b3ca5e2bb66cf6b51a6ddb552f284b76
SHA1 hash: f1990fadb8b67c52859474dfde448462e9ebb60e
MD5 hash: 6a8bb543b3d7e2e193e472161f7740ae
humanhash: avocado-cola-vegan-summer
File name: 6b94e16e486df4ae0960c0cf0ce0e0425a5b9a4b98ea18503468d4cdde93409e
File size: 745 bytes
First seen: 2026-04-01 10:29:02 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:Sjly97dG3BCFrCR5Va7hFHYfDlKpFeixnLQmT/adGXhG1ugykYP9RcADB73O9y:OUxdGxCFmkt1EDlgNjTidGXhGIBFVR9l
TLSH: T1380110FE783234B25F43C5EA9D5394970976D36F5FD02DAC28E6873414AE010A13222D
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: JAMESWT_WT
Tags: pilautfile-com sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 46
Origin country: IT
Vendor Threat Intelligence

Result
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive stealer

Result
Verdict: Malicious
File Type: unix shell
First seen: 2026-03-29T07:03:00Z UTC
Last seen: 2026-03-29T12:43:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree as recorded by the sandbox; internal graph node ids omitted):
  pid 2301 /usr/bin/sudo
    execve -> pid 2302 /tmp/sample.bin
      clone  -> pid 2303 /usr/bin/bash
        clone  -> pid 2304 /usr/bin/bash
        execve -> pid 2305 /usr/bin/mawk
      execve -> pid 2306 /usr/bin/hostname
      clone  -> pid 2307 /usr/bin/bash
        execve -> pid 2308 /usr/bin/curl (net, send-data)
          send 775B -> api.ipify.org:443
          clone -> pid 2320 /usr/bin/curl (dns, net, send-data)
            send 62B -> 10.0.2.3:53
            con -> api.ipify.org:443
      clone  -> pid 2346 /usr/bin/bash
      execve -> pid 2347 /usr/bin/curl (net, send-data)
        send 988B -> pilautfile.com:443
        clone -> pid 2355 /usr/bin/curl (dns, net, send-data)
          send 64B -> 10.0.2.3:53
          con -> pilautfile.com:443
      clone  -> pid 2397 /usr/bin/bash
        clone  -> pid 2399 /usr/bin/bash
        execve -> pid 2400 /usr/bin/sed

Result
Threat name: MacOS.Trojan.SuspMalScript
Status: Malicious
First seen: 2026-03-29 11:58:01 UTC
File Type: Text (Shell)
AV detection: 10 of 36 (27.78%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: antivm discovery linux
Behaviour:
  Reads runtime system information
  System Network Configuration Discovery
  Checks CPU configuration
  Looks up external IP address via web service
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.