MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6d46b70196cf60bbee569dc6558e9277ccc7cf06cd774a911495b1ad79aed0f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6d46b70196cf60bbee569dc6558e9277ccc7cf06cd774a911495b1ad79aed0f9
SHA3-384 hash: 9b1d237be7e26d1034fcea77bfc976326e4e6799a05c12a02b7e4b03f101b94b15406fa94c2396f0fc496890510a9d80
SHA1 hash: 1f817b6349c61bc99de9997ce15407e94d8894a7
MD5 hash: 2792ebaa3af5f94bf1358475be978404
humanhash: carbon-texas-oklahoma-india
File name:l
Download: download sample
File size:609 bytes
First seen:2026-03-02 01:42:54 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:8q0HsOt1Vvhs520az2WT8d9mGwgl6kYV0VyVIVs6X:8RHsOt1xhEDWgmbJmYCS6X
TLSH T131F0A241BF453D555335DD1E83E0B20953301BF1B949951A92F699D71F78CC33A4E660
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://ext-checkdin.vercel.app/api/tokenln/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
95
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
base64 bash lolbin obfuscated
Link:
https://www.filescan.io/uploads/69a539f110e80629d4f82439/reports/b9aaa1d4-df37-49d0-a832-6d8ad28eae21/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/6d46b70196cf60bbee569dc6558e9277ccc7cf06cd774a911495b1ad79aed0f9
Result
Gathering data
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/81697bf6-601d-4b4c-8343-aee74b0ca8cc
Behavior Graph:
Download SVG
%3 guuid=1dec0a68-1b00-0000-6e9f-b179560c0000 pid=3158 /usr/bin/sudo guuid=29fbc069-1b00-0000-6e9f-b1795b0c0000 pid=3163 /tmp/sample.bin guuid=1dec0a68-1b00-0000-6e9f-b179560c0000 pid=3158->guuid=29fbc069-1b00-0000-6e9f-b1795b0c0000 pid=3163 execve guuid=38b6006a-1b00-0000-6e9f-b1795c0c0000 pid=3164 /usr/bin/clear guuid=29fbc069-1b00-0000-6e9f-b1795b0c0000 pid=3163->guuid=38b6006a-1b00-0000-6e9f-b1795c0c0000 pid=3164 execve
Score:
32%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/6d46b70196cf60bbee569dc6558e9277ccc7cf06cd774a911495b1ad79aed0f9
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6d46b70196cf60bbee569dc6558e9277ccc7cf06cd774a911495b1ad79aed0f9/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=nvdloamwz5qlx3swtxdflduso7gmptygzv3uveiuswy226no2d4q._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/260302-h5k92aaz6b/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6d46b70196cf60bbee569dc6558e9277ccc7cf06cd774a911495b1ad79aed0f9

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 6d46b70196cf60bbee569dc6558e9277ccc7cf06cd774a911495b1ad79aed0f9

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3787694/
  
Delivery method
Distributed via web download

Comments