MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cccadb52201856dff286e39056d842e66059b9480571e0a9bf12682cda437b77. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 3



SHA256 hash: cccadb52201856dff286e39056d842e66059b9480571e0a9bf12682cda437b77
SHA3-384 hash: 370ff60f7263c6d21d1c524dce3a8c15a387bce3be2edff2498fdad9538da48d7666e21e01c6c55b96df40f185ac3377
SHA1 hash: 058b4939bbe47562205b4f4e3ef8d84f2e8d8ddc
MD5 hash: f0ffe8d2056e158c5199ef8deed82b9d
humanhash: emma-crazy-william-london
File name: WJI3TGgyScvey8JZWILUII8yw0j29zrx.sh
File size: 12'892 bytes
First seen: 2026-05-17 20:21:10 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 192:9+Q9CDLt8dlERAIe3hth91LuoWDFk9JOjBV285yu/+rFVQLkQ1lxlV2:9+QAOyA33hPfLziFk9JOjXJKFVj6K
TLSH: T16B42B8649DA29DF002E8924EB5C8D462307422170DE87C2E72BE97187F7827C73B625E
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: cocaman
Tags: ClickFix crypto macOS sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: CH
Vendor Threat Intelligence
No detections
Verdict: Unknown
Threat level: 2.5/10
Confidence: 100%
Tags: bash lolbin
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid=3418) -> execve -> /tmp/sample.bin (pid=3425)
/tmp/sample.bin (pid=3425) -> execve -> /usr/bin/curl (pid=3429; net, send-data)
/usr/bin/curl (pid=3429) -> send: 988B -> aurora.fizzydragonwinknoodl.es:443
/usr/bin/curl (pid=3429) -> clone -> /usr/bin/curl (pid=3443; dns, net, send-data)
/usr/bin/curl (pid=3443) -> con -> aurora.fizzydragonwinknoodl.es:443
/usr/bin/curl (pid=3443) -> send: 96B -> 10.0.2.3:53
Threat name: Win32.Trojan.Generic
Status: Suspicious
First seen: 2026-05-17 20:21:43 UTC
File Type: Text (Shell)
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 4/10
Tags: antivm discovery linux
Behaviour:
Reads runtime system information
Checks CPU configuration
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
