{
	"id": "8b0b1c59-83dd-4359-9665-babfad1b01d0",
	"created_at": "2026-04-06T00:12:55.322466Z",
	"updated_at": "2026-04-10T13:12:44.031723Z",
	"deleted_at": null,
	"sha1_hash": "bac6f79d2e4313b2ac4a308603ec0217894d8076",
	"title": "Free Automated Malware Analysis Service - powered by Falcon Sandbox",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 564521,
	"plain_text": "Free Automated Malware Analysis Service - powered by Falcon Sandbox\r\nArchived: 2026-04-05 23:21:10 UTC\r\nIncident Response\r\nMITRE ATT\u0026CK™ Techniques Detection\r\nThis report has 3 indicators that were mapped to 2 attack techniques and 1 tactics.\r\nAdditional Context\r\nRelated Sandbox Artifacts\r\nAssociated URLs\r\nhxxps://ptpb.pw/~x\r\nIndicators\r\nNot all malicious and suspicious indicators are displayed.\r\nExternal Systems\r\nSample was identified as malicious by a trusted Antivirus engine\r\ndetails\r\nNo specific details available\r\nsource\r\nExternal System\r\nrelevance\r\n5/10\r\nSample was identified as malicious by at least one Antivirus engine\r\ndetails\r\n2/58 Antivirus vendors marked sample as malicious (3% detection rate)\r\nsource\r\nExternal System\r\nrelevance\r\n8/10\r\nEnvironment Awareness\r\nQueries system general information (syscall)\r\ndetails\r\n/bin/bash used: sysinfo\r\n/bin/bash used: uname\r\nsource\r\nAPI Call\r\nrelevance\r\n3/10\r\nATT\u0026CK ID\r\nT1082\r\nGeneral\r\nExecutes a shell command\r\ndetails\r\n/bin/bash executed: bash /tmp/x.sh\r\nsource\r\nAPI Call\r\nrelevance\r\n10/10\r\nNetwork Related\r\nDetected increased number of ARP broadcast requests (network device lookup)\r\ndetails\r\nAttempt to find devices in networks: \"192.168.56.1/32, 192.168.56.25/32, ...\"\r\nsource\r\nNetwork Traffic\r\nrelevance\r\n10/10\r\nATT\u0026CK ID\r\nT1046\r\nEnvironment Awareness\r\nGets user and/or group ID (syscall)\r\ndetails\r\n/bin/bash used: getuid\r\n/bin/bash used: geteuid\r\nsource\r\nAPI Call\r\nATT\u0026CK ID\r\nT1082\r\nNetwork Related\r\nFound potential URL in binary/memory\r\ndetails\r\nPattern match: \"https://ptpb.pw/~u\"\r\nHeuristic match: \"bash /tmp/x.sh\"\r\nsource\r\nFile/Memory\r\nrelevance\r\n10/10\r\nFile Details\r\nx\r\nFilename\r\nx\r\nSize\r\n890B (890 bytes)\r\nType\r\nscript sh\r\nDescription\r\nBourne-Again shell script, ASCII text executable\r\nArchitecture\r\nLINUX\r\nSHA256\r\n28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7\r\nResources\r\nIcon\r\n-\r\nClassification (TrID)\r\n100.0% (.SH) Linux/UNIX shell script\r\nScreenshots\r\nHybrid Analysis\r\nAnalysed 1 process in total.\r\n bash bash /tmp/x.sh (PID: 1825)\r\nNetwork Analysis\r\nDNS Requests\r\nNo relevant DNS requests were made.\r\nHTTP Traffic\r\nNo relevant HTTP requests were made.\r\nExtracted Files\r\nNo significant files were extracted.\r\nWarnings\r\nAdded comment to Virus Total report\r\nSource: https://www.hybrid-analysis.com/sample/28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7?environmentId=300",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://www.hybrid-analysis.com/sample/28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7?environmentId=300"
	],
	"report_names": [
		"28553b3a9d2ad4361d33d29ac4bf771d008e0073cec01b5561c6348a608f8dd7?environmentId=300"
	],
	"threat_actors": [],
	"ts_created_at": 1775434375,
	"ts_updated_at": 1775826764,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/bac6f79d2e4313b2ac4a308603ec0217894d8076.pdf",
		"text": "https://archive.orkl.eu/bac6f79d2e4313b2ac4a308603ec0217894d8076.txt",
		"img": "https://archive.orkl.eu/bac6f79d2e4313b2ac4a308603ec0217894d8076.jpg"
	}
}