MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9a0e2a443cc6e7ef86280342bea30543bf40a44df83f97400c28f3b4f1c0fb62. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9a0e2a443cc6e7ef86280342bea30543bf40a44df83f97400c28f3b4f1c0fb62
SHA3-384 hash: 043e6de332a51dcb1d0e8ff551cb5f806f342a19691e7da3aefe7f0f502acfb366c26c3c25d1047f334db815953657e0
SHA1 hash: c4ab2cc7eed19d4dcd7e14828f6d6a1c19139e0b
MD5 hash: 93910ee7dee3ad64ca3c93d676b85a45
humanhash: arizona-purple-apart-snake
File name:ccl
Download: download sample
File size:302 bytes
First seen:2025-11-20 20:38:51 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 6:ho58ziyZzw0yh/Fj/6DV/j7YFs7smI9//P5Td/D7B/+bZJbKXFs7Yjs:1aV/6DV37CdsJbKKEjs
TLSH T197E0C252C4961C0A397E8580F0BE01A0E6196833FF19451C3A5BFB9C4B7822875680A9
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh

Intelligence

File Origin
# of uploads :
1
# of downloads :
36
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.DownLoader.1801.23058.14631.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/69201a49eecb08e4aa430d1f/reports/5adf0179-b5d8-4732-876e-4ff6f4d529ba/overview
Verdict:
Malicious
Labled as:
Trojan[Downloader]/Shell.Agent
Link:
https://www.hybrid-analysis.com/sample/9a0e2a443cc6e7ef86280342bea30543bf40a44df83f97400c28f3b4f1c0fb62
Verdict:
Malicious
File Type:
unix shell
First seen:
2025-11-20T17:58:00Z UTC
Last seen:
2025-11-21T09:27:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.bc
Link:
https://opentip.kaspersky.com/9a0e2a443cc6e7ef86280342bea30543bf40a44df83f97400c28f3b4f1c0fb62/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/49f47079-2b88-4a19-9bed-d582902cc067
Behavior Graph:
Download SVG
%3
Score:
98%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/9a0e2a443cc6e7ef86280342bea30543bf40a44df83f97400c28f3b4f1c0fb62
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/9a0e2a443cc6e7ef86280342bea30543bf40a44df83f97400c28f3b4f1c0fb62/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/9a0e2a443cc6e7ef86280342bea30543bf40a44df83f97400c28f3b4f1c0fb62
Threat name:
Linux.Downloader.SAgnt
Create hunting rule
Status:
Malicious
First seen:
2025-11-20 20:54:11 UTC
File Type:
Text (Shell)
AV detection:
7 of 36 (19.44%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=tihcurb4y3t67brianbl5iyfio7ubjcn7a7zoqamfdz3j4oa7nra._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/9a0e2a443cc6e7ef86280342bea30543bf40a44df83f97400c28f3b4f1c0fb62

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 9a0e2a443cc6e7ef86280342bea30543bf40a44df83f97400c28f3b4f1c0fb62

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3713103/
  
Delivery method
Distributed via web download

Comments