MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 56d6145255aea2570b3ad679c840162d0c2aca2483174f08f69d6515dca97202. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 6
| SHA256 hash: | 56d6145255aea2570b3ad679c840162d0c2aca2483174f08f69d6515dca97202 |
|---|---|
| SHA3-384 hash: | 755cc17e3e13538f82126ee6096e3c77edea764f66a1fbfaa69a324a832e07d01d05d855eaae5732fcae891b140db083 |
| SHA1 hash: | eeacdc24529ec6f1f08b06888989cdfe40a30e89 |
| MD5 hash: | 3632cc19df3bb92da7706d630fbce7f3 |
| humanhash: | six-crazy-bulldog-california |
| File name: | c.sh |
| Download: | download sample |
| File size: | 846 bytes |
| First seen: | 2025-10-02 05:48:34 UTC |
| Last seen: | 2025-10-03 00:09:48 UTC |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 24:3J3n/DTe/D4YG/DpNI7V/DZKl/DU+IJ/D5jw/DTT4/Dclh/D9t8/Dih/DfG/Drn:ZD4D4YcDE1DZCDBIZD5KDHmDmD+DiBD8 |
| TLSH | T13C0121CDA27173275F08AF28B0699068902098D17BB6CE96FF748CF4D8DD2403135679 |
| Magika | shell |
| Reporter |  abuse_ch |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://139.162.143.187/systemcl/arm | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/arm5 | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/arm6 | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/arm7 | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/m68k | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/mips | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/mpsl | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/ppc | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/sh4 | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/spc | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/x86 | n/a | n/a | elf ua-wget |
| http://139.162.143.187/systemcl/x86_64 | n/a | n/a | elf ua-wget |
Intelligence
File Origin
# of uploads :
2
# of downloads :
38
Origin country :
DEVendor Threat Intelligence
Detection(s):
Verdict:
Malicious
Threat level:
10/10
Confidence:
100%
Tags:
evasive
Verdict:
Malicious
File Type:
text
First seen:
2025-10-02T03:57:00Z UTC
Last seen:
2025-10-02T06:50:00Z UTC
Hits:
~10
Status:
terminated
Behavior Graph:
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Threat name:
Linux.Trojan.Vigorf
Status:
Malicious
First seen:
2025-10-02 05:49:28 UTC
File Type:
Text (Shell)
AV detection:
16 of 38 (42.11%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 56d6145255aea2570b3ad679c840162d0c2aca2483174f08f69d6515dca97202
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.