MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8348d62c205798f5992a1e139d0ed917a9007604b9334ed6d5a8f0bbec8006e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8348d62c205798f5992a1e139d0ed917a9007604b9334ed6d5a8f0bbec8006e1
SHA3-384 hash: 2e655d40ffd8b1c30235af82c1010303d756fd005253ab8f7fb9a093ba0077b7997bb21f6b2ce5e7a9043f66967288ba
SHA1 hash: d1873de749364681d5efd6a707cf3ccb2e03f70d
MD5 hash: 134e5a095e66a2c8677d2d38fcb2ff44
humanhash: comet-twenty-sixteen-rugby
File name:sys
Download: download sample
File size:7'135 bytes
First seen:2026-01-07 06:01:05 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 192:ZNZ9RMeOmvO4QnL/rA+74IoRNVik1ZREQ:p9RHhvOL/8+7wNV13
TLSH T183E196C6FE79D9343689C179FB866111F986742F48227F18384E68741F2C35413AD76B
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh

Intelligence

File Origin
# of uploads :
1
# of downloads :
60
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
bash lolbin
Link:
https://www.filescan.io/uploads/695df6af87e75cdd5af5be11/reports/21a7c65b-01a2-4b92-8d94-04ac0b984eff/overview
Verdict:
Clean
File Type:
unix shell
First seen:
2026-01-07T03:08:00Z UTC
Last seen:
2026-01-07T04:18:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/8348d62c205798f5992a1e139d0ed917a9007604b9334ed6d5a8f0bbec8006e1/results?tab=lookup
Score:
3%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/8348d62c205798f5992a1e139d0ed917a9007604b9334ed6d5a8f0bbec8006e1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8348d62c205798f5992a1e139d0ed917a9007604b9334ed6d5a8f0bbec8006e1/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/8348d62c205798f5992a1e139d0ed917a9007604b9334ed6d5a8f0bbec8006e1
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-01-07 06:01:21 UTC
File Type:
Text (Shell)
AV detection:
3 of 24 (12.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qnenmlbak6mplgjkdyjz2dwzc6uqa5qexezu5vwvvdylx3eaa3qq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm credential_access defense_evasion discovery linux privilege_escalation rootkit
Link:
https://tria.ge/reports/260107-gq2g2afp3v/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
Reads CPU attributes
Virtualization/Sandbox Evasion: Time Based Evasion
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Enumerates running processes
Flushes firewall rules
Loads a kernel module
Modifies sudoers policy
OS Credential Dumping
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.43
Link:
https://yomi.yoroi.company/submissions/8348d62c205798f5992a1e139d0ed917a9007604b9334ed6d5a8f0bbec8006e1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 8348d62c205798f5992a1e139d0ed917a9007604b9334ed6d5a8f0bbec8006e1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3751721/
  
Delivery method
Distributed via web download

Comments