MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f86ce7ce5ccd94576216fb9cda7625d982492cddac10e18566a33925ccbb7ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 6f86ce7ce5ccd94576216fb9cda7625d982492cddac10e18566a33925ccbb7ff
SHA3-384 hash: ab55946202d8a219fcd1401b9d243ccdf1aff94393c60516fa09562926ba7a8afcf2134fcd24df6055ecf1a469d6f785
SHA1 hash: 97899f5b0c449ec0900ea91055677d0f8d246538
MD5 hash: 4f843c0d1fcda8320fe2e107248ecc18
humanhash: video-steak-video-fanta
File name: d.sh
File size: 1'539 bytes
First seen: 2026-01-19 16:08:06 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:UJ9DxGQ1nbcVglpm1sl6R1/WV/TSBt75u7sb1Lad/Py:e9dJZIC6fKQt75u7U1LUi
TLSH: T14431D04330A3207B134C4175877E654A7549900B9014CD6EB93FB638FF66185F2B97D3
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 28
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox

Verdict: Clean
File Type: unix shell
First seen: 2026-01-19T13:15:00Z UTC
Last seen: 2026-01-19T14:10:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
pid=2948 /usr/bin/sudo
  execve -> pid=2955 /tmp/sample.bin
    clone -> pid=2957 /usr/bin/bash
      execve -> pid=2958 /usr/bin/uname
    execve -> pid=2959 /usr/bin/uname
    execve -> pid=2960 /usr/bin/wget (net, send-data), send: 152B to 176.65.148.239:80
    execve -> pid=2968 /usr/bin/curl (net, send-data, write-file), send: 101B to 176.65.148.239:80
    execve -> pid=2982 /usr/bin/chmod
    clone -> pid=2983 /usr/bin/bash (zombie)
Result
Malware family: n/a
Score: 7/10
Tags: antivm defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 6f86ce7ce5ccd94576216fb9cda7625d982492cddac10e18566a33925ccbb7ff (this sample)

Delivery method: Distributed via web download
