MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9f98cb6433591c6ad46051bb926e5230d0b0c43d8fb6bd4a8ecff6d10937112c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 9f98cb6433591c6ad46051bb926e5230d0b0c43d8fb6bd4a8ecff6d10937112c
SHA3-384 hash: 35f9e805b4b25398b3aba183d2a079e80ee4943ce4726b06521b40e2f5005a7acdac41dfbbd5a44551f72d4f933c8ee5
SHA1 hash: 3512e927dcaf3faaa76866e64855571a501128d3
MD5 hash: eb24d7e2230f311e35c5275a23ecf1cf
humanhash: purple-saturn-grey-ink
File name: install.sh
File size: 4'947 bytes
First seen: 2026-02-22 19:27:14 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:/fL1FczktwyfRVjRivaIHgf60sxJZy9r4SfVzuGDg58uL/uL5xBW:HszTyfRVQfxm0StiGUmxw
TLSH: T10BA1418778A266302B8B807A5B4D65827587022F1424AC5CB59EFC306F785B4F2F9FE1
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 31
Origin country: DE
Vendor Threat Intelligence
No detections
Result
Gathering data
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Result
Malware family: n/a
Score: 6/10
Tags: antivm discovery linux
Behaviour
Reads runtime system information
Writes file to shm directory
Checks CPU configuration
Reads CPU attributes
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 9f98cb6433591c6ad46051bb926e5230d0b0c43d8fb6bd4a8ecff6d10937112c (this sample)

Delivery method
Distributed via web download

Comments