MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 b6131abb571de6fc16ce22c3c9deefdbf82b43418f0ec9758e4cafdbf434da4f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 4
| SHA256 hash: | b6131abb571de6fc16ce22c3c9deefdbf82b43418f0ec9758e4cafdbf434da4f |
|---|---|
| SHA3-384 hash: | ea2a73a01111e70d6e2ed8e7a39026a7f98e163e33441ed032ef9f58c6401d33c516a6aa3714389f639f4d02779c24ef |
| SHA1 hash: | b4dec53ccccf7cb8e4af5de1af446791af116f5d |
| MD5 hash: | 2736bc40812cfd5a0ee6858be84b984d |
| humanhash: | glucose-bravo-vermont-twenty |
| File name: | x640 |
| File size: | 131 bytes |
| First seen: | 2026-06-29 18:23:27 UTC |
| Last seen: | 2026-06-30 20:14:57 UTC |
| File type: | sh |
| MIME type: | text/x-shellscript |
| ssdeep | 3:TKH/Zqz331IcqSdr35QX/tz331IcqyB2XX5H/9:oqzHycqKr+vtzHycqyBi51 |
| TLSH | T11BC04CDA1050194EAA26EA04B6616273403E559535941208A4519C03284EA54F7A89C6 |
| TrID | 70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1) |
| Magika | shell |
| Reporter | |
| Tags: | sh |
Shell script dropper
This file appears to be a shell script dropper that uses wget, ftpget and/or curl. More information about the corresponding payload URLs is shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://69.169.99.158:7100/lKzmNXeqFe/x521 | n/a | n/a | xmrig |
| http://69.169.99.158:7100/WTogA9Ctxs/x522 | n/a | n/a | xmrig |
Intelligence
File Origin
# of uploads: 3
# of downloads: 8
Origin country: IE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-06-29T15:04:00Z UTC
Last seen: 2026-06-30T02:26:00Z UTC
Hits: ~10
Status: Failed
Score: 51%
Verdict: Suspicious
File Type: SCRIPT
Gathering data
Detection(s): Suspicious file
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh b6131abb571de6fc16ce22c3c9deefdbf82b43418f0ec9758e4cafdbf434da4f
(this sample)
Delivery method
Distributed via web download