MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f876f99f27b080977e41f01eb7381870481663aa3e7625d4cd58d7952cf4807. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6f876f99f27b080977e41f01eb7381870481663aa3e7625d4cd58d7952cf4807
SHA3-384 hash: 55b232b5f97219bb28c208b99690fd0bc2f32f99b12c367e4660c7a10df85763754137e63ccff77f1026a19f900f82e1
SHA1 hash: 5b06b732f4b1df18ebfd5053ebc3e1b87f5793a6
MD5 hash: 50945d7ce12462d88b3c51531f445051
humanhash: music-beer-ohio-salami
File name:set.sh
Download: download sample
File size:379 bytes
First seen:2025-12-07 06:35:18 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 6:hLqxBeJJqlDtuKzINNzAZA2qlLwPa5FFFxnrPaJCGv/AoGJaVEql4JaVKfjFFFxF:4k6nzgAZGV5/Fxn2U4AoSaVOaVKfj/F7
TLSH T10BE06846E0DC143C17E76F3091C40804D764E78A4E3AE26C6936D9EDEB032705169BC3
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter juroots
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://31.57.46.28/libprocesshider.son/an/aopendir

Intelligence

File Origin
# of uploads :
1
# of downloads :
28
Origin country :
CH CH
Vendor Threat Intelligence
No detections
Detection(s):
URLhaus.3728447.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6935205ebba50eaf0424f101/reports/31f3769b-6224-40b2-8e61-b4cfd9f67994/overview
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-12-07T04:49:00Z UTC
Last seen:
2025-12-07T07:26:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/6f876f99f27b080977e41f01eb7381870481663aa3e7625d4cd58d7952cf4807/results?tab=lookup
Score:
5%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/6f876f99f27b080977e41f01eb7381870481663aa3e7625d4cd58d7952cf4807
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6f876f99f27b080977e41f01eb7381870481663aa3e7625d4cd58d7952cf4807/
Verdict:
Malicious
Threat:
Rootkit.Linux.Processhider
Link:
https://tip.neiki.dev/file/6f876f99f27b080977e41f01eb7381870481663aa3e7625d4cd58d7952cf4807
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=n6dw7gpspmeas57ed4a6w44bq4ciczr2uptwexkm2wgxsuwpjadq._file
Result
Malware family:
n/a
Score:
  9/10
Tags:
defense_evasion discovery exection linux persistence privilege_escalation
Link:
https://tria.ge/reports/251207-hc1t1se13g/
Behaviour
Reads runtime system information
Writes file to tmp directory
Modifies the dynamic linker configuration file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.31
Link:
https://yomi.yoroi.company/submissions/6f876f99f27b080977e41f01eb7381870481663aa3e7625d4cd58d7952cf4807

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 6f876f99f27b080977e41f01eb7381870481663aa3e7625d4cd58d7952cf4807

(this sample)

elf 70fb8ada3c9511b5c4f39052975d8566365c89d3e90fdbf46673e6297cf105b7

  
Dropping
MD5 6bf3025daa507d1ea4ae28ffb7398670
  
Dropping
SHA256 70fb8ada3c9511b5c4f39052975d8566365c89d3e90fdbf46673e6297cf105b7
  
URLhaus
https://urlhaus.abuse.ch/url/3728446/
  
Delivery method
Distributed via web download

Comments