MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6bcae8f7016b166affdff426d2269c23feb5fcf5f482ee809976adea3e0f9453. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Sliver

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	6bcae8f7016b166affdff426d2269c23feb5fcf5f482ee809976adea3e0f9453
SHA3-384 hash:	15f91f34692c920643a8121b7e790e027e48a23afc6c032d5949971f7748f9e42a5aa1d59e876151a821f73a4559470e
SHA1 hash:	f918923d18d6f01f4600d7491d62bd3bb6fde8a6
MD5 hash:	03844bf4b9b7e39a45c91aea243fccf7
humanhash:	oscar-river-harry-hot
File name:	script2
Download:	download sample
Signature	Sliver Create hunting rule
File size:	326 bytes
First seen:	2025-08-23 12:19:24 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	6:A53z0wyVVKoFH4pcpmZBf+VFNaeMFIxFwK:cYB1uBHeMFIL
TLSH	T1F0E04F81E8648CB5AC250C265936EF40B586ACAE9D5EBA50D4D5AF80746528C3044ED9
Magika	shell
Reporter	abuse_ch
Tags:	sh sliver

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://181.223.9.36:9000/linux	cd757c1ef9cc99018ea1ef52e85208264c2f1724470027ceabd2eabde30b7f70	Sliver	Sliver ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

361

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68a9b1e87137d68458392877/reports/ba0e228a-8e5f-4140-997f-5a9ed30477ab/overview

Verdict:

Clean

File Type:

Script

Link:

https://opentip.kaspersky.com/6bcae8f7016b166affdff426d2269c23feb5fcf5f482ee809976adea3e0f9453/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/69db24d4-e786-4110-9987-35dbad7ced28

Behavior Graph:

Score:

18%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/6bcae8f7016b166affdff426d2269c23feb5fcf5f482ee809976adea3e0f9453

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6bcae8f7016b166affdff426d2269c23feb5fcf5f482ee809976adea3e0f9453/

Verdict:

Malicious

Threat:

Family.SLIVER

Link:

https://tip.neiki.dev/file/6bcae8f7016b166affdff426d2269c23feb5fcf5f482ee809976adea3e0f9453

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=npfor5ybnmlgv7676qtneju4ep7ll7hv6sbo5aezo2w6upqpsrjq._file

Result

Malware family:

sliver

Score:

10/10

Tags:

family:sliver backdoor defense_evasion discovery linux persistence trojan

Link:

https://tria.ge/reports/250823-phjagsdj31/

Behaviour

Enumerates kernel/hardware configuration

Reads runtime system information

System Network Configuration Discovery

Reads CPU attributes

Enumerates running processes

Write file to user bin folder

File and Directory Permissions Modification

Executes dropped EXE

Sliver RAT v2

Sliver family

SliverRAT

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.16

Link:

https://yomi.yoroi.company/submissions/6bcae8f7016b166affdff426d2269c23feb5fcf5f482ee809976adea3e0f9453

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 6bcae8f7016b166affdff426d2269c23feb5fcf5f482ee809976adea3e0f9453

(this sample)

elf cd757c1ef9cc99018ea1ef52e85208264c2f1724470027ceabd2eabde30b7f70

URLhaus

https://urlhaus.abuse.ch/url/3610037/

Delivery method

Distributed via web download

Dropping

MD5 5ae1a54de533067508fb243d1b7d8af4

Dropping

SHA256 cd757c1ef9cc99018ea1ef52e85208264c2f1724470027ceabd2eabde30b7f70

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample