MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c308e27636663b280698ddb93f7b1b513159df2058a4a37dc3a371c70f7d9120. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: c308e27636663b280698ddb93f7b1b513159df2058a4a37dc3a371c70f7d9120
SHA3-384 hash: 61ef0deac83d7abee503fcd0b94c35d87621cfed1f9796a6de6a0801697be568807ce5890dab871db621397d37363305
SHA1 hash: 016dbb6e84bd4bf4ea65b32dfa329e6d54c99ed3
MD5 hash: 9d7d0f73eb7ef174dc379655a52f8441
humanhash: burger-white-quebec-beryllium
File name: bbc
File size: 508 bytes
First seen: 2026-03-12 20:37:26 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hLgjJ5Ja/+YcLN7+Y3JMF/+Ye0IdyJ44LIXLoO4eGLw+v+YdF/vNnQz2JMIykwFG:lSjkOLZpqjW3bo/8pqF82Q/NiT+XLQ
TLSH: T1A2F0270FA04BF03AD04019E8AB61FB6AAC30B86B6263CE8C78407A10FFD74347862640
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh
URL: http://5.175.223.124/
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 109
Origin country: DE
Vendor Threat Intelligence
No detections
Gathering data
Status: terminated
Behavior Graph: [figure]
Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2026-03-12 21:14:11 UTC
File Type: Text (Shell)
AV detection: 11 of 38 (28.95%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh c308e27636663b280698ddb93f7b1b513159df2058a4a37dc3a371c70f7d9120

(this sample)

  
Delivery method: Distributed via web download
