MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7ea71aab26a225de67984f1b795bd1690aa834d7960aa95e438e9af0d9a90bc7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Sliver


Vendor detections: 8



SHA256 hash: 7ea71aab26a225de67984f1b795bd1690aa834d7960aa95e438e9af0d9a90bc7
SHA3-384 hash: dcf28e39f613ff1b6b94409422bed2118575a15b95cd248fc941f8ca66643c978f825f1997dea49abc0d1175be3e0969
SHA1 hash: 0e4b012448f6b9f011da9e97c6818e4aba74e983
MD5 hash: c0f273a209511ca6ef2786d9cc262fec
humanhash: blossom-delaware-colorado-bulldog
File name: one_liner.sh
Signature: Sliver
File size: 127 bytes
First seen: 2026-01-11 06:42:20 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 3:TKH/JOfFSCHfOtUSkzR7LFvLkDaFOd4XVMMhFaATsFz:lSaYOToDapXGMhFLgFz
TLSH: T168B02BC44824DC815C1C408C3148F17072522051344C090DA0540E502446248300FF80
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh sliver
URL: http://184.174.32.240:9000/bpexch_implant_linux
Malware sample (SHA256 hash): 68ef23797c846410d4e63044c35daa758a38aa6f9582aa60574eae281388a53b
Signature: Sliver
Tags: Sliver

Intelligence


File Origin
# of uploads: 1
# of downloads: 46
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-01-11T03:55:00Z UTC
Last seen: 2026-01-12T12:48:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph: [graph image not reproduced]
Threat name: Linux.Downloader.SAgnt
Status: Malicious
First seen: 2026-01-11 06:43:29 UTC
File Type: Text (Shell)
AV detection: 1 of 24 (4.17%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:sliver backdoor defense_evasion discovery linux trojan
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
File and Directory Permissions Modification
Executes dropped EXE
Detects Sliver payload
Sliver family
SliverRAT
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Sliver
sh 7ea71aab26a225de67984f1b795bd1690aa834d7960aa95e438e9af0d9a90bc7 (this sample)

Delivery method: Distributed via web download
