MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7fce835900f60a8f55c64c3a3b8cc9a4d34e23ef24e5905f4bdbc284d98368b4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	7fce835900f60a8f55c64c3a3b8cc9a4d34e23ef24e5905f4bdbc284d98368b4
SHA3-384 hash:	b15a7b455b724882ab045846e60066a4474451b992a0f52641cf2a7bbd2225bd79b0c2496b84d271e5e5703466e5ed85
SHA1 hash:	85262b8ebd0cd133f8a4142ab7d587d9f4dc72e3
MD5 hash:	9fd66da185fcf4d3b4537de755d894db
humanhash:	blue-enemy-hotel-friend
File name:	o
Download:	download sample
File size:	95 bytes
First seen:	2025-05-19 13:33:55 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	3:LMFD1ZyBzSbAzMATL79URJX9SSSSv:LMFD1Zy4AsVhSc
TLSH	T1CCB012D610583230C40335441011CBC82013E0A3FA274704E48C0F39C7C47F0B103B93
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://42.112.26.71/rev.mips	n/a	n/a	elf ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL

Verdict:

Clean

Score:

89.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=682c32d2c28c67d66642384clinux22vpnfull_triage

Tags:

n/a

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

lolbin remote

Link:

https://www.filescan.io/uploads/682b334d0de036ed65abb3b4/reports/a2196276-b757-465e-8982-a3738cb887ad/overview

Verdict:

Suspicious

Labled as:

TrojanDownloader/Linux.Agent

Link:

https://www.hybrid-analysis.com/sample/7fce835900f60a8f55c64c3a3b8cc9a4d34e23ef24e5905f4bdbc284d98368b4

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/7fce835900f60a8f55c64c3a3b8cc9a4d34e23ef24e5905f4bdbc284d98368b4

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7fce835900f60a8f55c64c3a3b8cc9a4d34e23ef24e5905f4bdbc284d98368b4/

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2025-05-20 01:07:00 UTC

File Type:

Text (Shell)

AV detection:

2 of 24 (8.33%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=p7higwia6yfi6vogjq5dxdgjutju4i7petszax2l3pbijwmdnc2a._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7fce835900f60a8f55c64c3a3b8cc9a4d34e23ef24e5905f4bdbc284d98368b4

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 7fce835900f60a8f55c64c3a3b8cc9a4d34e23ef24e5905f4bdbc284d98368b4

(this sample)

elf ac33249fc060b3d1007fc1d6c6d95173b57fc954a4eab5ebbcf9589675ce6e0e

URLhaus

https://urlhaus.abuse.ch/url/3546571/

Delivery method

Distributed via web download

Dropping

MD5 7fb85d2a194158441f174e8d3675224e

Dropping

SHA256 ac33249fc060b3d1007fc1d6c6d95173b57fc954a4eab5ebbcf9589675ce6e0e

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample