MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302 |
|---|---|
| SHA3-384 hash: | 3cfdc3d36d8615b41cab31e0b76917d8dfc7ca893660795b1e12a49c1c2d3c42d800d9f3a5b1ae8dfb905ef941d09dc6 |
| SHA1 hash: | 057911429ac28d1e0bdac83799193d8336dce8bd |
| MD5 hash: | 5056a28d3b582277a979f584118f7f69 |
| humanhash: | comet-cola-summer-delta |
| File name: | c |
| Download: | download sample |
| File size: | 25'103 bytes |
| First seen: | 2026-02-24 01:34:19 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/x-shellscript |
| ssdeep | 384:I3ow8U2BlUvlB/LKtn4Vmkvotn4Vmkv4LW20M3vgRbqOBABo0i+Zf:Iow8U2PxymVxymz5m+OBABB |
| TLSH | T163B27D950588383C3BC989787B9C1F894965B3CF9EA23E44746B3755C12E9ADA70C3CB |
| TrID | 70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1) |
| Magika | shell |
| Reporter | |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://45.234.176.202/new/ | n/a | n/a | n/a |
| http://45.234.176.202/new/k.php | n/a | n/a | geofenced ua-wget USA |
Intelligence
File Origin
# of uploads :
1
# of downloads :
75
Origin country :
DEVendor Threat Intelligence
No detections
Detection(s):
Result
Gathering data
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-12-17T06:37:00Z UTC
Last seen:
2026-01-30T02:31:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.bc
Status:
Failed
Score:
94%
Verdict:
Malware
File Type:
SCRIPT
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Threat name:
Script-Shell.Trojan.Heuristic
Status:
Malicious
First seen:
2026-01-28 17:29:04 UTC
File Type:
Text (Shell)
AV detection:
11 of 36 (30.56%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
8/10
Tags:
credential_access defense_evasion discovery execution linux persistence privilege_escalation
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Deobfuscate/Decode Files or Information
Reads CPU attributes
Modifies Bash startup script
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Adds a user to the system
Creates/modifies Cron job
Creates/modifies environment variables
Enumerates running processes
Modifies rc script
OS Credential Dumping
Adds new SSH keys
Modifies password files for system users/ groups
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.31
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.