MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3ace418b3a4d3bf27aaeb4aa5ba4909b1f1590b9cbedf58a3d5f5b3f1776c15. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: b3ace418b3a4d3bf27aaeb4aa5ba4909b1f1590b9cbedf58a3d5f5b3f1776c15
SHA3-384 hash: 3f2f4e064720e5c0143531df19da542b76fa543608b25e27d98ad6757d2976ef75b4d54ff2c16b5fe6d9fdeb8a5babcf
SHA1 hash: fdfbdb5022500953d96b2d4de1d9ace18075e581
MD5 hash: 509d49bd308af7b48e3ce999baca75b4
humanhash: neptune-kitten-quiet-south
File name:loader.sh
Download: download sample
File size:1'971 bytes
First seen:2026-04-14 05:31:29 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 48:xVdxxzGG1eCFeZdzVKN5Q1f/neHuDmmlBFInKIYgQAul4N7vGxQ:DdnIu2mQlGaL2nKI3QaTGC
TLSH T1A841ACCA7AA3D97197C7C4381FDAE501E35624430996A998B08EBC303F69520FCB1E56
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter adliwahid

Intelligence

File Origin
# of uploads :
1
# of downloads :
37
Origin country :
NL NL
Vendor Threat Intelligence
No detections
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-04-13T00:02:00Z UTC
Last seen:
2026-04-14T10:40:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/b3ace418b3a4d3bf27aaeb4aa5ba4909b1f1590b9cbedf58a3d5f5b3f1776c15/results?tab=lookup
Score:
36%
Verdict:
Susipicious
File Type:
SCRIPT
Link:
https://malprob.io/report/b3ace418b3a4d3bf27aaeb4aa5ba4909b1f1590b9cbedf58a3d5f5b3f1776c15
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/b3ace418b3a4d3bf27aaeb4aa5ba4909b1f1590b9cbedf58a3d5f5b3f1776c15/
Verdict:
Malicious
Threat:
NetTool.Wget.HTTP
Link:
https://tip.neiki.dev/file/b3ace418b3a4d3bf27aaeb4aa5ba4909b1f1590b9cbedf58a3d5f5b3f1776c15
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=wowoigftutj36j5k5nfklosjbgy7cwilts7n6wfd2x23h4lxnqkq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery execution linux persistence privilege_escalation
Link:
https://tria.ge/reports/260414-f77vpsf12v/
Behaviour
GoLang User-Agent
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to shm directory
Writes file to tmp directory
Creates/modifies Cron job
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.31
Link:
https://yomi.yoroi.company/submissions/b3ace418b3a4d3bf27aaeb4aa5ba4909b1f1590b9cbedf58a3d5f5b3f1776c15

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments