MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8da159dceacbd76b38c1876f00bd122e7f6624c8e74cdbfe2b4c977641ea6e3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: 8da159dceacbd76b38c1876f00bd122e7f6624c8e74cdbfe2b4c977641ea6e3e
SHA3-384 hash: 38cca2cf3d661ef38213c54ff033f8e5a5e5cc3a0ab8ee0a1688ad1d32013914e1343b35f4c2ce9071f3af004d7134ed
SHA1 hash: a437e116ef16841af398171f7cc842929459bb31
MD5 hash: 1b21b7752ef33e265fe5b91f00135bcb
humanhash: don-mockingbird-lithium-louisiana
File name: cores.sh
File size: 858 bytes
First seen: 2025-07-16 02:45:02 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 24:13GodDN4Hcuv4EAal24UNT50/+dS551+dhFqbHcoO4:jnGyZaAZNT50/MSzsdhUrJb
TLSH T13D116B3771903B35071F4414410A64C16B8411E79A875D3E3DDEA2233F9BEA0B0F95DB
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 24
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 3150)
  execve -> /tmp/sample.bin (pid 3157)
    execve -> /usr/bin/nproc (pid 3160)
    execve -> /usr/bin/wget (pid 3162) [dns, net, send-data]
      send 58B -> 10.0.2.3:53
      con -> ifconfig.me:0
      send 126B -> ifconfig.me:80
Threat name: Text.Trojan.Generic
Status: Suspicious
First seen: 2025-01-11 07:02:12 UTC
File Type: Text (Shell)
AV detection: 4 of 24 (16.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 8da159dceacbd76b38c1876f00bd122e7f6624c8e74cdbfe2b4c977641ea6e3e

(this sample)

  
Delivery method
Distributed via web download

Comments