MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 742345c53671e85c327ff9e1883eee28d190119b751e2fe96d8be4074716dd29. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 742345c53671e85c327ff9e1883eee28d190119b751e2fe96d8be4074716dd29
SHA3-384 hash: 7aa2fd155d46e5b349b72b91339a5f7ac4f70cf8607fa042a32c43953c44eb8b32e97d50b71b8164fc35b276c024b524
SHA1 hash: 6cbe3e1c2922c6630209614e817c0f02f0933f0b
MD5 hash: ac76d53c082b6549c713eb75faf4cd4c
humanhash: ceiling-charlie-iowa-nuts
File name: spread_fern.sh
File size: 2'205 bytes
First seen: 2026-05-16 14:25:42 UTC
Last seen: 2026-05-16 17:52:45 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep 48:aAz3rL+J3OFydX37Z8lrPtFEc3vqyVYNB3q206hKhZHn53XdUd/2Y3c:aGLbydbZ2RquqyO/K/Hnmjc
TLSH T154414199FE2036B8690AE8785366F078EB5BD0CF4760159F752F81242F213C122BE4D2
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter BlinkzSec

Intelligence


File Origin
# of uploads: 2
# of downloads: 28
Origin country: ES
Vendor Threat Intelligence
No detections
Verdict: Clean
File Type: unix shell
First seen: 2026-05-16T12:37:00Z UTC
Last seen: 2026-05-16T13:10:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Text.Trojan.Generic
Status: Suspicious
First seen: 2026-05-16 14:22:02 UTC
File Type: Text (Shell)
AV detection: 3 of 24 (12.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: linux
Behaviour: Writes file to tmp directory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 742345c53671e85c327ff9e1883eee28d190119b751e2fe96d8be4074716dd29 (this sample)

Delivery method: Distributed via web download
