MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302
SHA3-384 hash: 3cfdc3d36d8615b41cab31e0b76917d8dfc7ca893660795b1e12a49c1c2d3c42d800d9f3a5b1ae8dfb905ef941d09dc6
SHA1 hash: 057911429ac28d1e0bdac83799193d8336dce8bd
MD5 hash: 5056a28d3b582277a979f584118f7f69
humanhash: comet-cola-summer-delta
File name:c
Download: download sample
File size:25'103 bytes
First seen:2026-02-24 01:34:19 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 384:I3ow8U2BlUvlB/LKtn4Vmkvotn4Vmkv4LW20M3vgRbqOBABo0i+Zf:Iow8U2PxymVxymz5m+OBABB
TLSH T163B27D950588383C3BC989787B9C1F894965B3CF9EA23E44746B3755C12E9ADA70C3CB
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://45.234.176.202/new/n/an/an/a
http://45.234.176.202/new/k.phpn/an/ageofenced ua-wget USA

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
{HEX}php.exe.globals.419.UNOFFICIAL
Create hunting rule

Result
Gathering data
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-12-17T06:37:00Z UTC
Last seen:
2026-01-30T02:31:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.bc
Link:
https://opentip.kaspersky.com/71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302/results?tab=lookup
Score:
94%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302
Threat name:
Script-Shell.Trojan.Heuristic
Create hunting rule
Status:
Malicious
First seen:
2026-01-28 17:29:04 UTC
File Type:
Text (Shell)
AV detection:
11 of 36 (30.56%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=ohmui6ovrqznkymmuhrdfhmpuyxzgdqgclvrbc5dfgcedrv2amba._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
credential_access defense_evasion discovery execution linux persistence privilege_escalation
Link:
https://tria.ge/reports/260224-bztwnahw8b/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Deobfuscate/Decode Files or Information
Reads CPU attributes
Modifies Bash startup script
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Adds a user to the system
Creates/modifies Cron job
Creates/modifies environment variables
Enumerates running processes
Modifies rc script
OS Credential Dumping
Adds new SSH keys
Modifies password files for system users/ groups
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.31
Link:
https://yomi.yoroi.company/submissions/71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 71d94479d58c32d5618ca1e2329d8fa62f930e0612eb108ba3298441c6ba0302

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3784566/
  
Delivery method
Distributed via web download

Comments