MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d284ad148e3c900ed81429168061aecc6b489b6c9f2040bcdfa5c9e51f0e487. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 1d284ad148e3c900ed81429168061aecc6b489b6c9f2040bcdfa5c9e51f0e487
SHA3-384 hash: b5f765e976d62c9422d13f08fbcde8cd51d9c2e1e40499e02cc746045ae14d1e503ceb180be00e763a208233043de96c
SHA1 hash: dac13338e170b374f739daa9b5d3d8e9dde57b7d
MD5 hash: 4bda9bb94e645fd06797b66167b25903
humanhash: social-coffee-lima-earth
File name: and
File size: 3'504 bytes
First seen: 2025-04-20 04:37:55 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 96:i8g1A1SpNv6lafD3KUh1ng447Wmch49/ymVnD:i8g1A1UNv6lafD6g1ng447/ch4VymVnD
TLSH: T1DB71E8DB2363AA2D098F849079968B0A35217EC7B0853758D42813F26347ADDB5D5FEC
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: DE
Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: busybox
Threat name: Script-Shell.Trojan.Vigorf
Status: Malicious
First seen: 2025-04-20 06:37:11 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 1d284ad148e3c900ed81429168061aecc6b489b6c9f2040bcdfa5c9e51f0e487 (this sample)
Delivery method: Distributed via web download

Comments