MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 552c71822ee4b0c21ddbca8df0905c19b9d6192376766773f99fd3dca6ba27ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 552c71822ee4b0c21ddbca8df0905c19b9d6192376766773f99fd3dca6ba27ac
SHA3-384 hash: 85e553f4b87c70702db857e7d2eaa260a92e1340e83ab9cd1f65b711ae1a43d04b2757957e1cf2ab1e07f361c0bfce0f
SHA1 hash: c9c60eaa895a462d8bda6020da945adb301a0ed3
MD5 hash: 52edaa8fdb15fdd169c57cbfd5268959
humanhash: delta-one-failed-zebra
File name: nova.sh
File size: 2'453 bytes
First seen: 2026-06-06 17:24:50 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:q994zVz1FbRL9uXuHVjHVKQlnv8f1nulDtGGDErfyX/HFd/E+MG8hJ:694ZjJ0twlfXN8G8b
TLSH: T1D951ECE2B825D435F98DA439EB9D63987482241F0A18BE14758F783C0B8C94C23FE679
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
TrID: 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: BlinkzSec

Intelligence

File Origin
# of uploads: 1
# of downloads: 42
Origin country: SE
Vendor Threat Intelligence

No detections

Verdict: Malicious
File Type: unix shell
First seen: 2026-05-30T04:02:00Z UTC
Last seen: 2026-06-06T16:07:00Z UTC
Hits: ~10
Detections: Trojan-Downloader.Shell.Agent.mk
Status: terminated
Behavior Graph (process tree recovered from the sandbox graph; tags in parentheses are the sandbox's per-process annotations, edges are labelled with the syscall that created the child):

pid 2677 /usr/bin/sudo
  execve -> pid 2685 /tmp/sample.bin (write-config)
    clone  -> pid 2687 /usr/bin/dash
      execve -> pid 2688 /usr/bin/uname
    execve -> pid 2691 /usr/sbin/killall5
    execve -> pid 2697 /usr/bin/rm
    execve -> pid 2699 /usr/bin/wget (net, send-data, write-file)
      send: 145 B -> 176.65.148.144:80
    execve -> pid 2732 /usr/bin/chmod
    execve -> pid 2733 /tmp/nova.x86_64 (write-file)
      clone  -> pid 2735 /tmp/nova.x86_64 (delete-file, zombie)
    execve -> pid 2734 /usr/bin/mkdir
    execve -> pid 2738 /usr/bin/cp
    execve -> pid 2741 /usr/bin/chmod
    clone  -> pid 2743 /usr/bin/dash
      clone  -> pid 2745 /usr/bin/dash
      execve -> pid 2746 /usr/bin/grep
    clone  -> pid 2744 /usr/bin/dash
    execve -> pid 2750 /usr/bin/chmod
    execve -> pid 2752 /usr/bin/cat (write-config)
    execve -> pid 2754 /usr/bin/systemctl
    execve -> pid 2882 /usr/bin/systemctl
    execve -> pid 3018 /usr/bin/systemctl
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-05-30 08:24:23 UTC
File Type: Text (Shell)
AV detection: 11 of 24 (45.83%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery execution linux persistence privilege_escalation
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Creates/modifies Cron job
Enumerates running processes
Modifies rc script
Modifies systemd
File and Directory Permissions Modification
Deletes itself
Please note that we are no longer able to provide a coverage score for Virus Total.
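The hashes, the download path and destination in the behaviour graph, and the persistence behaviours listed above translate directly into host-triage checks. The script below is an added example and is not code from MalwareBazaar, the reporter or the sample itself: it takes the three file hashes, the payload path /tmp/nova.x86_64 and the wget destination 176.65.148.144 from this page; the function names, the persistence locations it scans and the constructed inputs in its __main__ block (the unit and cron file names are hypothetical, not artifacts named on the page) are assumptions.

```python
#!/usr/bin/env python3
"""Host triage helpers built from the indicators on this MalwareBazaar page.

Added example; not code from MalwareBazaar, the reporter or the sample.
From the page: the three file hashes, /tmp/nova.x86_64 and 176.65.148.144
from the behaviour graph, and the listed persistence behaviours (cron, rc
script, systemd, self-deletion). Everything else (function names, the
directories scanned, the constructed inputs under __main__) is an assumption.
"""
import hashlib
import os
import re

# Indicators copied verbatim from the page.
IOC_HASHES = {
    "md5": "52edaa8fdb15fdd169c57cbfd5268959",
    "sha1": "c9c60eaa895a462d8bda6020da945adb301a0ed3",
    "sha256": "552c71822ee4b0c21ddbca8df0905c19b9d6192376766773f99fd3dca6ba27ac",
}
IOC_IP = "176.65.148.144"
IOC_PAYLOAD = "/tmp/nova.x86_64"

# Where the persistence mechanisms named in the behaviour list live on a
# typical systemd-based Linux host (assumption; adjust per distribution).
PERSISTENCE_PREFIXES = (
    "/etc/systemd/system/", "/etc/cron", "/var/spool/cron",
    "/etc/rc.local", "/etc/init.d/",
)


def hash_bytes(data: bytes) -> dict:
    """Digest a blob with the same three algorithms the page lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def matches_sample(data: bytes) -> bool:
    """True when any digest equals the page's hashes for nova.sh."""
    digests = hash_bytes(data)
    return any(digests[algo] == value for algo, value in IOC_HASHES.items())


def mentions_c2(text: str) -> bool:
    """Whole-token match for the wget destination, so 176.65.148.1440 or
    1176.65.148.144 in a log line does not produce a false hit."""
    pattern = r"(?<![\d.])" + re.escape(IOC_IP) + r"(?![\d.])"
    return re.search(pattern, text) is not None


def persistence_hits(files: dict) -> list:
    """Given {path: contents}, return persistence files that launch the
    payload or anything else out of /tmp. Unit files, crontabs and rc
    scripts are plain text, so substring and regex checks suffice."""
    hits = []
    for path, contents in files.items():
        if not path.startswith(PERSISTENCE_PREFIXES):
            continue
        if IOC_PAYLOAD in contents or re.search(r"(?:^|[\s=])/tmp/\S", contents, re.M):
            hits.append(path)
    return sorted(hits)


def suspicious_exe(exe_link: str) -> bool:
    """Flag a /proc/<pid>/exe target that runs from /tmp or whose binary was
    unlinked after launch ("Deletes itself" leaves the link ending in
    ' (deleted)'), which is what the graph shows for /tmp/nova.x86_64."""
    return exe_link.startswith("/tmp/") or exe_link.endswith(" (deleted)")


def scan_procs(proc_root: str = "/proc") -> list:
    """Walk a live /proc and return (pid, exe) pairs worth a look. Reading
    another user's exe link needs root; unreadable entries are skipped."""
    found = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            exe = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue
        if suspicious_exe(exe):
            found.append((int(entry), exe))
    return found


if __name__ == "__main__":
    # Constructed inputs: hypothetical unit and cron files, not artifacts
    # named on the page; they only show what the checks flag.
    fake_fs = {
        "/etc/systemd/system/example.service": "[Service]\nExecStart=/tmp/nova.x86_64\n",
        "/etc/cron.d/example": "* * * * * root /tmp/nova.x86_64\n",
        "/etc/systemd/system/ssh.service": "[Service]\nExecStart=/usr/sbin/sshd -D\n",
        "/etc/rc.local": "#!/bin/sh\nexit 0\n",
    }
    print("persistence:", persistence_hits(fake_fs))
    print("c2 in line:", mentions_c2("GET http://176.65.148.144/nova.x86_64"))
    if os.path.isdir("/proc"):
        print("live procs:", scan_procs())
```

To check a suspect file against this entry, pass its bytes to matches_sample(); to hunt on a live host, feed the contents of the unit, cron and rc files you collect into persistence_hits() and run scan_procs() as root. The hash match only catches this exact script, so treat the path, destination and persistence checks as the durable part.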

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments