MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2d9945bba8207d419dca32e5c2ecc821f3eedd5c48bc1ebfe754133c56a17828. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 2d9945bba8207d419dca32e5c2ecc821f3eedd5c48bc1ebfe754133c56a17828
SHA3-384 hash: dbcba0b2f8dc4e35044ac8826a7f13a91964f6bad19b16cb48cc4a981168bd39b23815a14ba2cab39d586379ea09eab6
SHA1 hash: 90da06ce83496aa9f1f0ace48e0751f08fc3327d
MD5 hash: 5afc984a6d0ebb82ea875af5b2ae5b12
humanhash: zebra-five-sixteen-eight
File name: WSW0
File size: 266 bytes
First seen: 2026-06-30 18:29:09 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 3:TKH4vLYNu/8o/3Y4XseqYMQWtmhHJMPsFZAutDMFsMLONFYqGSrP/c5c/DOOdKXp:hTMToTt+aAulNXYq9DG+NjVsNXYrkJ
TLSH T1BCD097A215B301F0A03E8860F5EAA400B050C37F0D84D219B99734F01E40309F1D1BA0
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh

URL: http://216.107.139.197/
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 87
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
downloader
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-06-30T15:33:00Z UTC
Last seen:
2026-06-30T23:55:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p
Threat name:
Win32.Trojan.Vigorf
Status:
Malicious
First seen:
2026-06-30 18:29:26 UTC
File Type:
Text (Shell)
AV detection:
8 of 23 (34.78%)
Threat level:
  5/5
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm credential_access defense_evasion linux
Behaviour
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
OS Credential Dumping
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 2d9945bba8207d419dca32e5c2ecc821f3eedd5c48bc1ebfe754133c56a17828

(this sample)

  
Delivery method
Distributed via web download

Comments