MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9184dcb57d28c8418e188de57fa99069736a6d1dd1a32050cf89ca6aa8f76c44. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 9184dcb57d28c8418e188de57fa99069736a6d1dd1a32050cf89ca6aa8f76c44
SHA3-384 hash: fe6671affda5dad749fdd561837a9e39253d898a9b66fac5dc415de3149c1d26317b08a24ff2d86e3a8319518beb7813
SHA1 hash: 0d365efc370fa276e792faa64d595139012c8c27
MD5 hash: 553fb19cb69137896c014f3bc8f90e00
humanhash: nuts-speaker-johnny-monkey
File name: pXdN91.sh
File size: 2'036 bytes
First seen: 2026-02-03 18:31:56 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:1h9a/seuXErhKAvqZA2YIOUo8oZ3v0biEvvSZXrvNAfE:1V4hKAwYIOUo8oRcI/
TLSH: T14A4170CB3360CAB8ACB4696F3269741075F9A1B69BBE9F441BD834D9848DD1C30C5A73
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 39
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive medusa mirai

Result: Gathering data

Verdict: Malicious
File Type: text
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
(sandbox process tree and network edges, reduced from the graph data)
/usr/bin/sudo (pid 2830) --execve--> /tmp/sample.bin (pid 2832)
/tmp/sample.bin (pid 2832) runs the following cycle 13 times:
    execve /usr/bin/wget (labelled net, send-data and, in 12 of 13 cases, write-file)
    execve /usr/bin/chmod
    clone /usr/bin/dash
    execve /usr/bin/rm (delete-file)
Network: the first wget (pid 2834) sends 139 B to 185.242.3.144:80; the remaining twelve wget processes (pids 3236 through 3375) each send 138 to 141 B to 185.242.3.143:80.
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-02-03 18:22:05 UTC
File Type: Text (Shell)
AV detection: 21 of 36 (58.33%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
    Modifies registry class
    Suspicious use of SetWindowsHookEx
    Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 9184dcb57d28c8418e188de57fa99069736a6d1dd1a32050cf89ca6aa8f76c44 (this sample)

Delivery method: Distributed via web download

Comments