MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7c7023e85e7d72f5bb7eed28c780a57e0cd641850d2f7920bebaf1cc7b883d37. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 7c7023e85e7d72f5bb7eed28c780a57e0cd641850d2f7920bebaf1cc7b883d37
SHA3-384 hash: 74f2b68b1ddadf943b486227c9483d5c88b93e4ac6d50a14a79af2219ce466ac7d90ba7f7fa50b87891f4deca7e8b8e9
SHA1 hash: 8683618da63e05be1a0b22fe111e877706d1dd4e
MD5 hash: ed5a103918cc122968a16dab0d3a04ca
humanhash: india-nineteen-ink-saturn
File name: wget.sh
File size: 528 bytes
First seen: 2025-12-30 13:48:47 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:xLS/vklDt54pgPJyc5bCsMuaIuOA9yDB2/vXUgoDu/oTU+Q7ZYL4wsy7:avklDRycZC3fIuz9yd2nXeDuAewh
TLSH: T107F0A7CB108B44FA80C42C8BF25B60C059C68B7B8B3F2AE47D6FA1576385B1451C6C80
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Status: terminated
Behavior Graph:
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2025-12-30 13:49:09 UTC
File Type: Text (Shell)
AV detection: 2 of 36 (5.56%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 7c7023e85e7d72f5bb7eed28c780a57e0cd641850d2f7920bebaf1cc7b883d37 (this sample)

  
Delivery method: Distributed via web download
