MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f57c4ce41c7f8947b71f2b41f6743f39216bdfe037645de7fb46e7ecedf6bfa1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: f57c4ce41c7f8947b71f2b41f6743f39216bdfe037645de7fb46e7ecedf6bfa1
SHA3-384 hash: 31a5f910ec5fc8694ec6f5081bd5e7fc7ef68f4779f82d826ed838f7db7abb3e169a1472c932a4802b2da88a640ac87a
SHA1 hash: 76b1f330166706bd0d079e96eee648b2e21b191b
MD5 hash: 9ee265f2bcd21266f9a94daab9578c42
humanhash: mirror-fish-nineteen-princess
File name: deploy.sh
File size: 3'346 bytes
First seen: 2026-04-28 19:11:36 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:mM6FL3JZpVR8TY53JZpNR8bY5Z7EL8E6OcKI7wJ6OLf4PV2td/s/Na80BV:WFbJZpVR80JJZpNR8c5ZKPBEPEEOV
TLSH: T18161E009326255B13E0C48247ABB21213D68025706312CEF75EE66647F8B79973FBE97
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: BlinkzSec

Intelligence


File Origin
# of uploads: 1
# of downloads: 50
Origin country: SK
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-04-28T16:30:00Z UTC
Last seen: 2026-04-30T12:58:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree recovered from the sandbox graph):
pid 2825 /usr/bin/sudo
  execve -> pid 2831 /tmp/sample.bin
    execve -> pid 2833 /usr/bin/busybox (net, send-data, write-file); sends 89 B to 176.65.139.124:80
    execve -> pid 2835 /usr/bin/chmod
    execve -> pid 2836 /usr/bin/busybox (net, send-data, write-file); sends 91 B to 176.65.139.124:80
    execve -> pid 2868 /usr/bin/chmod
    clone  -> pid 2870 /usr/bin/bash
    execve -> pid 2871 /usr/bin/head
    clone  -> pid 2874 /usr/bin/bash
    clone  -> pid 2875 /usr/bin/bash
    execve -> pid 2876 /usr/bin/grep
    clone  -> pid 2878 /usr/bin/bash
    clone  -> pid 2879 /usr/bin/bash
    execve -> pid 2880 /usr/bin/grep
    clone  -> pid 2882 /usr/bin/bash
    execve -> pid 2884 /usr/bin/sleep
    clone  -> pid 3422 /usr/bin/bash
    execve -> pid 3423 /usr/bin/grep
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2026-04-28 19:06:53 UTC
File Type: Text (Shell)
AV detection: 4 of 24 (16.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion linux
Behaviour:
  Writes file to tmp directory
  Declares broadcast receivers with permission to handle system events
  File and Directory Permissions Modification
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh f57c4ce41c7f8947b71f2b41f6743f39216bdfe037645de7fb46e7ecedf6bfa1 (this sample)

Delivery method: Distributed via web download

Comments