MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8cbb43bb19040d5f5382fd11b1c5da50b803e2de8cb58e9a6c04ebb01acf5398. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: 8cbb43bb19040d5f5382fd11b1c5da50b803e2de8cb58e9a6c04ebb01acf5398
SHA3-384 hash: 9309478f1a3ac6bc332d332dcd16e8c0b15e6646264f4a7e1d46721237491febd272bd3730b6ea7aca93444b0191ea01
SHA1 hash: c51f4cdb24a043a69df23a2c666aa6c97cee93d3
MD5 hash: 164995f42218095f1fc04fe306c865e5
humanhash: magnesium-seventeen-oxygen-crazy
File name: cln.sh
File size: 9'831 bytes
First seen: 2025-07-16 02:42:01 UTC
Last seen: 2025-07-16 16:45:10 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 192:LG0ovZkg3zw3w3TJE3J3TrFrqKeOhZnQF17kcgs9G:cvEqaKK4C
TLSH: T1601252036BAA62F52159C1BC5D839155164D510326282839BFBCFB443F2872CE2F7BAF
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
Number of uploads: 2
Number of downloads: 24
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
Result
Malware family: n/a
Score: 6/10
Tags: discovery, linux
Behaviour
Reads runtime system information
Writes file to tmp directory
Reads CPU attributes
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh 8cbb43bb19040d5f5382fd11b1c5da50b803e2de8cb58e9a6c04ebb01acf5398 (this sample)

Delivery method: Distributed via web download
