MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7daeeec6a883165d6849e0611e7fe39fbc4ad340bb2aeba416fb7cec3cb92917. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 7daeeec6a883165d6849e0611e7fe39fbc4ad340bb2aeba416fb7cec3cb92917
SHA3-384 hash: 1a61be42acf84eeddecfd09486d088597de912b2889ef0a76a66ec22942dc0475c889d326bc2f18a9a898fbc2f5fe095
SHA1 hash: df20d30e25f8d50b88359e008ef1e1ce4338fc47
MD5 hash: 791140c1f30168412118a24e00bc69b8
humanhash: nine-rugby-robin-single
File name: 7daeeec6a883165d6849e0611e7fe39fbc4ad340bb2aeba416fb7cec3cb92917.sh
File size: 740 bytes
First seen: 2026-03-18 06:31:12 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:Sebh97dG3BCFrCR5VhFHYfDlKpFeixnLQmT/adGXhG1ugykYP9RcADB73O9y:/9xdGxCFmP1EDlgNjTidGXhGIBFVR98c
TLSH: T1470110FE743234B26F4385EA9D5351970976D37F1BD02DAC28EA9B3415AD010B13222D
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: JAMESWT_WT
Tags: metramon-com sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 72
Origin country: IT
Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive stealer

Result: Gathering data
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.dv, not-a-virus:HEUR:Downloader.OSX.Agent.ad
Status: terminated
Behavior Graph (process tree recovered from the sandbox graph; pids as recorded by the sandbox):
  pid 3511 /usr/bin/sudo
    execve -> pid 3518 /tmp/sample.bin
      clone  -> pid 3520 /usr/bin/bash
        clone  -> pid 3521 /usr/bin/bash
        execve -> pid 3522 /usr/bin/mawk
      execve -> pid 3524 /usr/bin/hostname
      clone  -> pid 3525 /usr/bin/bash
        execve -> pid 3526 /usr/bin/curl (net, send-data)
          send 775B -> api.ipify.org:443
          clone -> pid 3528 /usr/bin/curl (dns, net, send-data)
            send 62B -> 10.0.2.3:53 (DNS)
            connect -> api.ipify.org:443
      clone  -> pid 3573 /usr/bin/bash
      execve -> pid 3575 /usr/bin/curl (net, send-data)
        send 987B -> metramon.com:443
        clone -> pid 3587 /usr/bin/curl (dns, net, send-data)
          send 60B -> 10.0.2.3:53 (DNS)
          connect -> metramon.com:443
      clone  -> pid 3631 /usr/bin/bash
        clone  -> pid 3632 /usr/bin/bash
        execve -> pid 3633 /usr/bin/sed

Threat name: MacOS.Trojan.SuspMalScript
Status: Malicious
First seen: 2026-03-16 15:22:44 UTC
File Type: Text (Shell)
AV detection: 7 of 36 (19.44%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: antivm discovery linux
Behaviour:
  Reads runtime system information
  System Network Configuration Discovery
  Checks CPU configuration
  Looks up external IP address via web service
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments