MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1f34e1c472a94cbc539c9f1c3c11af0dba3bcae130216b3df31c9fa5f24a33d7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 1f34e1c472a94cbc539c9f1c3c11af0dba3bcae130216b3df31c9fa5f24a33d7
SHA3-384 hash: b558951d0c281fb3cb070ad68f1c7a722769a2658cc11e55bada1991ad77167c3f7d57b5c75469f7a90f82102f35126f
SHA1 hash: 5e9698fae25a4de2e5b2c5bab8a8139f6e0c66dd
MD5 hash: ebe35ddb4f57e72d06bd59ba8b88c712
humanhash: charlie-seventeen-victor-michigan
File name: u.sh
File size: 798 bytes
First seen: 2026-04-29 05:52:22 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:tP8yn7rnrg7rK7r+737i2+KZTJcYsUMMiMe:957rnrCrAr+jO2+AJJMMiMe
TLSH: T1C601AF6A3869BEF9F7050DB4E5885A346081C2150C81FD11B8ED1A58F12ABC9769D46A
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: BlinkzSec

Intelligence


File Origin
# of uploads: 1
# of downloads: 54
Origin country: SK
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-04-29T03:02:00Z UTC
Last seen: 2026-04-29T03:39:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.bc
Status: terminated
Behavior Graph: [process graph image not reproduced]
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-04-29 05:37:17 UTC
File Type: Text (Shell)
AV detection: 5 of 24 (20.83%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion linux
Behaviour: File and Directory Permissions Modification
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
