MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 cd8d8805d96110ebeaf017938eaa8fa9dbd3dcf9eb5bf12c950f4d687ceba7e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 7
| SHA256 hash: | cd8d8805d96110ebeaf017938eaa8fa9dbd3dcf9eb5bf12c950f4d687ceba7e7 |
|---|---|
| SHA3-384 hash: | 3de4af7571ae33d254f4fd5c79fecc6e28ed7008e023b9a6db26c55de4c7bb7d80ad9e0bb2febd9867ca5804d285ab9e |
| SHA1 hash: | 96241f02dc3d8a944af4b5f90ee6192ba5cac535 |
| MD5 hash: | 07c92cbf0082c567930ecd4be12ca8dd |
| humanhash: | missouri-nineteen-equal-item |
| File name: | x |
| Download: | download sample |
| File size: | 26'258 bytes |
| First seen: | 2026-07-04 08:42:46 UTC |
| Last seen: | 2026-07-04 13:15:48 UTC |
| File type: | sh |
| MIME type: | text/x-shellscript |
| ssdeep | 384:NVcud3s1Bu7isjsKG6q/A4UAbMdhQuW57:cQsBlUMdUA4z4 |
| TLSH | T18BC2F1F1F8ECA435369D853ABB9CA805A9CF7C2F4DA77D2014575938421CB1DA019B3E |
| TrID | 70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1) |
| Magika | shell |
| Reporter | |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://160.119.69.4/k.php | n/a | n/a | n/a |
| http://160.119.69.4/ | n/a | n/a | n/a |
Intelligence
File Origin
# of uploads :
2
# of downloads :
45
Origin country :
DEVendor Threat Intelligence
No detections
Detection(s):
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
base64 bash downloader dropper evasive lolbin mirai obfuscated obfuscated
Verdict:
Malicious
File Type:
unix shell
Status:
Failed
Score:
87%
Verdict:
Malware
File Type:
SCRIPT
Verdict:
Malicious
Threat:
NetTool.Wget.HTTP
Threat name:
Script-BAT.Trojan.Heuristic
Status:
Malicious
First seen:
2026-07-04 08:43:42 UTC
File Type:
Text (Shell)
AV detection:
7 of 36 (19.44%)
Threat level:
2/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
8/10
Tags:
credential_access defense_evasion discovery execution linux persistence privilege_escalation
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Deobfuscate/Decode Files or Information
Creates .desktop file
Modifies Bash startup script
Adds a user to the system
Creates/modifies Cron job
Creates/modifies environment variables
Deletes log files
Enumerates running processes
Modifies rc script
Deletes Audit logs
Deletes system logs
OS Credential Dumping
Modifies password files for system users/ groups
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh cd8d8805d96110ebeaf017938eaa8fa9dbd3dcf9eb5bf12c950f4d687ceba7e7
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.