MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a92fa2829498349661641378a4bb8d85a46fab5bd96af87c26e490f32cae63cd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown


Vendor detections: 6



SHA256 hash: a92fa2829498349661641378a4bb8d85a46fab5bd96af87c26e490f32cae63cd
SHA3-384 hash: 63a091c66f93bd5129c7631af8e86c5eb2904052ae29c6a29c3b401529c1fcec54287f5ea3c5668b7e98591f8b643027
SHA1 hash: b71c001c23142fb86079927a18c5e1a095d1953f
MD5 hash: 673e50ce46b6726599638055f6ca65a1
humanhash: arizona-lima-aspen-mississippi
File name: bins.sh
File size: 533 bytes
First seen: 2026-04-24 07:34:41 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:lOnFflE0Fr4KtHiMxJ4KtHiMBviMuiMTf4yxocbnMAMQrAgD4e86PcbZusmQ4vD3:v0FrtJIrBTNnrrI2iED5N7Q5q
TLSH: T1E3F0B4C802B920390AC79A0B53228984F798C054F82359BC8FDCE895A894C60382CBFF
Magika: batch
Reporter: BlinkzSec

URL: http://45.131.108.107/0x83911d24Fx.sh
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: n/a

Intelligence

File Origin
# of uploads: 1
# of downloads: 37
Origin country: SK
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: text
First seen: 2026-04-24T04:43:00Z UTC
Last seen: 2026-04-26T01:38:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2026-04-24 07:34:30 UTC
File Type: Text (Shell)
AV detection: 9 of 38 (23.68%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh a92fa2829498349661641378a4bb8d85a46fab5bd96af87c26e490f32cae63cd (this sample)

Delivery method: Distributed via web download

Comments