MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cd75aa45345e33b64e85a4c69a409b13724a190a5321ff280b3203303e9af25. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7


SHA256 hash: 7cd75aa45345e33b64e85a4c69a409b13724a190a5321ff280b3203303e9af25
SHA3-384 hash: 8a0225d38ba9d14f6fdaac9dfb5676886ec677fd82f4f32162d1b31a4d35abecb8b64787f16c33db80f03799e6c9f056
SHA1 hash: cff009d4e9e9bf04d4aa5d8be5d872365a90154c
MD5 hash: 4f8e3051457bcc41c6d0431084b0caca
humanhash: nine-violet-hamper-equal
File name: AtQKnWvZdtF4cnQVkCt85c11CQlXQQ5sDJeot9j0Wo7WVzkj0fq0XDa0d4rmCuYh1GKX.aspx
File size: 584 bytes
First seen: 2026-02-02 14:02:10 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:UMvlpzsnZc5Sv7oFHY/vGXFhl7RVQiFbCFHY/vGXFhlDG+0Wm:U8my5Sjo1Ge57rVC1Ge5DfRm
TLSH: T124F0E1E5CBC09D757547879C36D1F46E8B4328AF6A0C4800B6958F2001DD6E0D7B9F13
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
https://pjf61vhjf1q49wkxpx8xcjjnswpx0il4ne876vsfzoefyyw.pages.dev/IWmYEAWtKLoC8naZASgZOKvXkfxklXI6ZPotespqcceEyTFZ6WJY9Hy5xEQGE4O8dBVtG0bu75FEN.aspx | n/a | n/a | DigitStealer macOS
https://pjf61vhjf1q49wkxpx8xcjjnswpx0il4ne876vsfzoefyyw.pages.dev/f766dkmSlcN6k10D9usVKwHUiQk2luOAT1wapFpVEpkPadbRyxZtP0aYkSw465iC6Sm.aspx | n/a | n/a | DigitStealer macOS

Intelligence

File Origin
# of uploads: 1
# of downloads: 29
Origin country: DE
Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: bash lolbin masquerade
Result
Verdict: Malicious
File Type: Script
Detections: HEUR:Trojan-Downloader.Shell.Agent.ds HEUR:Trojan-Downloader.OSX.Coins.k
Status: terminated
Behavior Graph (process tree, graph rendering not reproduced): /usr/bin/sudo -> /tmp/sample.bin -> /usr/bin/date; /usr/bin/bash -> /usr/bin/uuidgen; /usr/bin/curl (dns, net, send-data) -> pjf61vhjf1q49wkxpx8xcjjnswpx0il4ne876vsfzoefyyw.pages.dev:443 (867B to 877B sent per connection) and DNS 10.0.2.3:53 (150B); /usr/bin/bash respawns further bash and curl children that repeat the same connections.
Verdict: Malicious
Threat: Trojan-Downloader.OSX.Coins
Threat name: MacOS.Downloader.Generic
Status: Suspicious
First seen: 2026-02-02 14:03:45 UTC
File Type: Text (Shell)
AV detection: 1 of 36 (2.78%)
Threat level: 3/5
Result
Malware family: n/a
Score: 4/10
Tags: antivm discovery linux
Behaviour:
Reads runtime system information
Writes file to tmp directory
Checks CPU configuration
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 7cd75aa45345e33b64e85a4c69a409b13724a190a5321ff280b3203303e9af25 (this sample)
Delivery method: Distributed via web download

Comments