MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e9e817da7250ce513da7a70abfd339803dd8fab7612702cbbf2d37b73ad83604. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: e9e817da7250ce513da7a70abfd339803dd8fab7612702cbbf2d37b73ad83604
SHA3-384 hash: 3c60e21781791fd0954c76e712b199c0216b44fe010c3f967360dd39197ec3749a78430c5a8e46a7c390a17403f2de4e
SHA1 hash: 33d0031f86e4d6146e6d016e23468ed35bd72385
MD5 hash: 3490febff3213745c28d857a73dd4214
humanhash: kilo-twelve-coffee-seven
File name: bins.sh
File size: 1'254 bytes
First seen: 2026-03-06 13:50:44 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 24:8R49sDMYrlG8MYBzMYCiMY19MYcwMYTTMYu0MMMY7s/MYn/MYyJMYFIkE+D+17t7:D05rlG85Bz5Ci5195cw5TT5u1M57s/5n
TLSH T147219B5F6452C03276C3107FABEBF1A0B87620471091CD28B89F3A467F69C512D1294B
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 45
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Verdict:
Malicious
File Type:
unix shell
Detections:
HEUR:Trojan-Downloader.Shell.Agent.gen
Status:
terminated
Behavior Graph:
/usr/bin/sudo (pid 3945) -> /tmp/sample.bin (pid 3957) [execve]
/tmp/sample.bin (pid 3957) -> /usr/bin/uname (pid 3958) [execve]
/tmp/sample.bin (pid 3957) -> /usr/bin/wget (pid 3961, net) [execve]
/tmp/sample.bin (pid 3957) -> /usr/bin/curl (pid 3970, net) [execve]
/tmp/sample.bin (pid 3957) -> /usr/bin/chmod (pid 3993) [execve]
/tmp/sample.bin (pid 3957) -> /tmp/sysa (pid 3997) [execve]
/tmp/sample.bin (pid 3957) -> /usr/bin/rm (pid 4000, delete-file) [execve]
/usr/bin/wget (pid 3961) -> 2.56.10.144:80 [con]
/usr/bin/curl (pid 3970) -> 2.56.10.144:80 [con]
Threat name:
Script-Shell.Trojan.Heuristic
Status:
Malicious
First seen:
2026-03-06 13:51:19 UTC
File Type:
Text (Shell)
AV detection:
5 of 24 (20.83%)
Threat level:
  2/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh e9e817da7250ce513da7a70abfd339803dd8fab7612702cbbf2d37b73ad83604

(this sample)

  
Delivery method
Distributed via web download

Comments