MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 debaf394b5a4dbc06ca03ae271fc59f6800ee261511239100120561cbc1d1200. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: debaf394b5a4dbc06ca03ae271fc59f6800ee261511239100120561cbc1d1200
SHA3-384 hash: 524a9c7d64881231024aa90dcfae9cecec86a469c4da2824db715b8907ca8eb43389d5d17c36cd0a0708d3488a40741b
SHA1 hash: 4ff8491aac50bd998a5ff0b003130b034c879715
MD5 hash: 1c181d293749213c71da70d763fbf381
humanhash: arkansas-early-island-table
File name: debaf394b5a4dbc06ca03ae271fc59f6800ee261511239100120561cbc1d1200
File size: 743 bytes
First seen: 2026-04-01 10:28:52 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:Sjly97dG3BCFrCR5V3FHYfDlKpFeixnLQmT/adGXhG1ugykYP9RcADB73O9y:OUxdGxCFm51EDlgNjTidGXhGIBFVR98c
TLSH: T14C0110FE783234B25F5385EA9D5355970976D37F4FD02DAC28E9873414AD010A13222D
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: JAMESWT_WT
Tags: pilautfile-com sh

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 48
Origin country: IT
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: evasive stealer threat unknown

Verdict: Malicious
File Type: unix shell
First seen: 2026-03-27T09:15:00Z UTC
Last seen: 2026-04-01T09:38:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree reconstructed from the sandbox graph; each child is labelled with the syscall that created it, and network peers are listed under the process that contacted them):
pid 2250 /usr/bin/sudo
  [execve] pid 2256 /tmp/sample.bin
    [clone] pid 2257 /usr/bin/bash
      [clone] pid 2258 /usr/bin/bash
      [execve] pid 2260 /usr/bin/mawk
    [execve] pid 2262 /usr/bin/hostname
    [clone] pid 2263 /usr/bin/bash
      [execve] pid 2264 /usr/bin/curl (net, send-data)
        -> api.ipify.org:443  send: 775B
        [clone] pid 2282 /usr/bin/curl (dns, net, send-data)
          -> 10.0.2.3:53  send: 62B
          -> api.ipify.org:443  con
    [clone] pid 2315 /usr/bin/bash
    [execve] pid 2316 /usr/bin/curl (net, send-data)
      -> pilautfile.com:443  send: 988B
      [clone] pid 2326 /usr/bin/curl (dns, net, send-data)
        -> 10.0.2.3:53  send: 64B
        -> pilautfile.com:443  con
    [clone] pid 2358 /usr/bin/bash
      [clone] pid 2360 /usr/bin/bash
      [execve] pid 2361 /usr/bin/sed
Threat name: MacOS.Trojan.SuspMalScript
Status: Malicious
First seen: 2026-03-27 14:24:56 UTC
File Type: Text (Shell)
AV detection: 12 of 36 (33.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 6/10
Tags: antivm discovery linux
Behaviour:
- Reads runtime system information
- System Network Configuration Discovery
- Checks CPU configuration
- Looks up external IP address via web service
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments