MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c9dad3a2400cbe35eb3a4202aa1f3228619df988f14eae0a12b1425098cafab1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: c9dad3a2400cbe35eb3a4202aa1f3228619df988f14eae0a12b1425098cafab1
SHA3-384 hash: 52eb60e627df887c1cf3101039c10ef72cb1d7669f3383220c82da6bb0faa498b87d49d358301ad6080a5187cb6bc908
SHA1 hash: 17c40942b11a15053a39bbaf6def5757ebcb4bd3
MD5 hash: 6f12630c1ac001e712ff5bfbdb004122
humanhash: orange-emma-music-oscar
File name:sys
Download: download sample
File size:6'138 bytes
First seen:2026-01-11 17:52:26 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 96:4MdegS3GnsMuy0Q9KxHFG4g0LBupetOwKNvzFzqA9YWcWnQsEWJpdMk7V+LLjyb9:ddFuO9Y4lHAtOv+Q3QsPJpd5+C5Itkh7
TLSH T114C1FDE2FDA19830325DC1B9F68A5161FA9A293F48267E28344F9C342F2D358436D377
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh

Intelligence

File Origin
# of uploads :
1
# of downloads :
36
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
bash fingerprint lolbin
Link:
https://www.filescan.io/uploads/6963e39607ef5fa68e847a60/reports/38490163-51cd-490a-9a6b-83bd1358615b/overview
Verdict:
Clean
File Type:
unix shell
First seen:
2026-01-11T15:01:00Z UTC
Last seen:
2026-01-12T17:15:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/c9dad3a2400cbe35eb3a4202aa1f3228619df988f14eae0a12b1425098cafab1/results?tab=lookup
Score:
0%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/c9dad3a2400cbe35eb3a4202aa1f3228619df988f14eae0a12b1425098cafab1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/c9dad3a2400cbe35eb3a4202aa1f3228619df988f14eae0a12b1425098cafab1/
Verdict:
Clean
Link:
https://tip.neiki.dev/file/c9dad3a2400cbe35eb3a4202aa1f3228619df988f14eae0a12b1425098cafab1
Threat name:
Text.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-01-11 17:53:26 UTC
File Type:
Text (Shell)
AV detection:
4 of 24 (16.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zhnnhisabs7dl2z2iibkuhzsfbqz36mi6fhk4cqswfbfbggk7kyq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm credential_access defense_evasion discovery linux privilege_escalation
Link:
https://tria.ge/reports/260111-wghe5abv3d/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
Reads CPU attributes
Virtualization/Sandbox Evasion: Time Based Evasion
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Modifies sudoers policy
OS Credential Dumping
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.89
Link:
https://yomi.yoroi.company/submissions/c9dad3a2400cbe35eb3a4202aa1f3228619df988f14eae0a12b1425098cafab1

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh c9dad3a2400cbe35eb3a4202aa1f3228619df988f14eae0a12b1425098cafab1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3751721/
  
Delivery method
Distributed via web download

Comments