MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d60bb0e5c7e4b2cc10b480eda59bb666c272ff272454a394f6ab61e9d554b4a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: d60bb0e5c7e4b2cc10b480eda59bb666c272ff272454a394f6ab61e9d554b4a0
SHA3-384 hash: 874ac531fffe04c3bd684641895d01c49fdb4e426f7498d883de92046eaac2ccfe3e12312bdfbfcd95acb5c714bc0a80
SHA1 hash: 83e80fafca27f7aa6ddc4eecbbe69df5a4d9c880
MD5 hash: 8cd04ba6b35fcbfef6530e4e6e4f8c78
humanhash: stream-coffee-dakota-equal
File name: bee
File size: 871 bytes
First seen: 2025-12-24 09:13:15 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:6d2thCt74tZe6tuNIf+tOKbpt9/zgstpNtIYc:G2PCB4Xe6x+AmpL/zgsPNWYc
TLSH: T198110CCF1057A722114CBDC3F0A328C0A24196B31BBF5AE69A9749674BC8F047BE9E15
Magika: html
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: DE
Vendor Threat Intelligence
No detections
Result
Gathering data
Status: terminated
Threat name: Document-HTML.Downloader.Heuristic
Status: Malicious
First seen: 2025-12-24 00:01:26 UTC
File Type: Text (Shell)
AV detection: 11 of 36 (30.56%)
Threat level: 2/5
Gathering data
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh d60bb0e5c7e4b2cc10b480eda59bb666c272ff272454a394f6ab61e9d554b4a0

(this sample)

  
Delivery method
Distributed via web download

Comments