MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c8844ac426e19246c8a73b9952deda131b6bb452fafe4dbb984a8895914a9046. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 2



SHA256 hash: c8844ac426e19246c8a73b9952deda131b6bb452fafe4dbb984a8895914a9046
SHA3-384 hash: 818e2d69d689bb6d614128b05e3fd9479411e56d1f14ac71032291c7736ebf9221ac1566b4d9f31866995ab070d6d1f6
SHA1 hash: 0af4e92937c9f1a8376a56e2445d76e5156e8eb7
MD5 hash: e8fd3e778e32b7dbcca44128cd15744c
humanhash: speaker-mexico-indigo-seven
File name: watchsoftware.sh
File size: 4'863 bytes
First seen: 2026-06-19 18:10:46 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 96:IzLiPYa3jvvc9TbHlLYYLOwJmwvwSmt7rzzw:I3iBT3+TbFBywQwYSYnzM
TLSH: T178A194727F916B303A99C11C8A9ED252766B38BB36103868705D31907BEC71E51B2F74
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
No detections
Status:
terminated
Behavior Graph:
Result
Malware family: n/a
Score: 6/10
Tags: discovery, linux
Behaviour
Reads runtime system information
Reads CPU attributes
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh c8844ac426e19246c8a73b9952deda131b6bb452fafe4dbb984a8895914a9046 (this sample)

Delivery method: Distributed via web download

Comments