MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5c0f8b87cbf7bde0cb46ba8db6ca265c87d8a4f829ed4f6e22c3a607251b9dc2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	5c0f8b87cbf7bde0cb46ba8db6ca265c87d8a4f829ed4f6e22c3a607251b9dc2
SHA3-384 hash:	47201df1d052ac651c74e3d87c4d1ad860b8551de9343d969c90f86be736ad180a30da03dffa80ab5ffc92a561f373bf
SHA1 hash:	8ce6618dfb6818865b27cbcddb63ea37488700bc
MD5 hash:	00e4aa5e067178e3fc4eb48177efed68
humanhash:	emma-romeo-undress-carolina
File name:	tbk.sh
Download:	download sample
File size:	482 bytes
First seen:	2025-08-28 07:33:18 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:hKBFKaLcLeYSJaf36cLigJ36cHgC6cOqPAF:Ar7LD0f36Fgt6fC6SPM
TLSH	T1FCF0E0CDC199D878FCA5D5D3F9BC9810D98BD64129601F28B5C214F2694D91C3223AD7
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://185.121.13.159/tbarm7	n/a	n/a	elf ua-wget
http://185.121.13.159/tbarm	n/a	n/a	elf ua-wget
http://185.121.13.159/tbarm5	n/a	n/a	elf ua-wget

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.SH.Mirai.C.gen.Camelot.21319.398.UNOFFICIAL

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/68b006d91c81c34281d654c7/reports/a8c8a8bf-e5a9-4e91-b71f-2ec0d30a28a2/overview

Verdict:

Malicious

File Type:

unix shell

Link:

https://opentip.kaspersky.com/5c0f8b87cbf7bde0cb46ba8db6ca265c87d8a4f829ed4f6e22c3a607251b9dc2/results?tab=lookup

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/a87aa11b-b89d-4ca9-b932-b054d0a8e05a

Behavior Graph:

Download SVG

Score:

95%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/5c0f8b87cbf7bde0cb46ba8db6ca265c87d8a4f829ed4f6e22c3a607251b9dc2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5c0f8b87cbf7bde0cb46ba8db6ca265c87d8a4f829ed4f6e22c3a607251b9dc2/

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/5c0f8b87cbf7bde0cb46ba8db6ca265c87d8a4f829ed4f6e22c3a607251b9dc2

Threat name:

Document-HTML.Trojan.Vigorf

Status:

Malicious

First seen:

2025-08-28 06:37:07 UTC

File Type:

Text (Shell)

AV detection:

8 of 24 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lqhyxb6l6666bs2gxkg3nsrglsd5rjhyfhwu63rcyotaoji3txba._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/250828-je4t5adj3z/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/5c0f8b87cbf7bde0cb46ba8db6ca265c87d8a4f829ed4f6e22c3a607251b9dc2

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 5c0f8b87cbf7bde0cb46ba8db6ca265c87d8a4f829ed4f6e22c3a607251b9dc2

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3613042/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample