MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1c70caa886786f4f7fc6563707dbe9dc5609f49f0f096fbe91c3b3d7ce4c6b67. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 1c70caa886786f4f7fc6563707dbe9dc5609f49f0f096fbe91c3b3d7ce4c6b67
SHA3-384 hash: 821707f6c158733f9458347ac0d491684e4f4af2618d56504ecf8ce4fbe0f2ca530273b7eedca0c135798b3614ea7d2f
SHA1 hash: 0998d6deef60a373bc971cf3d3547e7305515a69
MD5 hash: cab1a1a95a968061e3a78224e04ee041
humanhash: spaghetti-delaware-twenty-red
File name:a
Download: download sample
File size:876 bytes
First seen:2025-04-20 04:42:58 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 12:AGC9gfcy5QhyQhTxfQhRmKkOy52TEtx74lw4MzJhFZ3p4cVjDUZ9D2:AGWLy5QhyQh9QhNkOmxGGhzbXUi
TLSH T1A911C04129015A6142EEC4AD17CF200E758694AF76047F10A3FF3AAA2B52895B3E82DF
Magika shell
Reporter abuse_ch
Tags:sh

Intelligence

File Origin
# of uploads :
1
# of downloads :
73
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.DownLoader.2359.10656.32341.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68047b5c280f5f89a0d2421elinux22vpnfull_triage
Tags:
n/a
Score:
3%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/1c70caa886786f4f7fc6563707dbe9dc5609f49f0f096fbe91c3b3d7ce4c6b67
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/1c70caa886786f4f7fc6563707dbe9dc5609f49f0f096fbe91c3b3d7ce4c6b67/
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-04-20 04:43:09 UTC
File Type:
Text (Shell)
AV detection:
9 of 24 (37.50%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=drymvkegpbxu676gky3qpw7j3rlat5e7b4ew7puryoz5ptsmnntq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
defense_evasion discovery linux
Link:
https://tria.ge/reports/250420-fcaaystwct/
Behaviour
Reads runtime system information
File and Directory Permissions Modification
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/1c70caa886786f4f7fc6563707dbe9dc5609f49f0f096fbe91c3b3d7ce4c6b67

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 1d284ad148e3c900ed81429168061aecc6b489b6c9f2040bcdfa5c9e51f0e487

sh 1c70caa886786f4f7fc6563707dbe9dc5609f49f0f096fbe91c3b3d7ce4c6b67

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3505757/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/2824952/
  
URLhaus
https://urlhaus.abuse.ch/url/3519692/
  
Dropped by
SHA256 1d284ad148e3c900ed81429168061aecc6b489b6c9f2040bcdfa5c9e51f0e487
  
Dropped by
MD5 4bda9bb94e645fd06797b66167b25903
  
URLhaus
https://urlhaus.abuse.ch/url/3505749/

Comments