MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5dabcdef5b91370b31f8e78058b0d67ed055159e10f3a38bce0df13da5e6166c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 5dabcdef5b91370b31f8e78058b0d67ed055159e10f3a38bce0df13da5e6166c
SHA3-384 hash: 74e58ef3f2834d1000512661d440d4487de1718994d725cbd8fa28a0c493a311d35cb6658713311b75355c88920a31f0
SHA1 hash: eb7a51fc01b6df699b2e5033fe391e6eac2ef0fe
MD5 hash: 30767275ca828ec1c9d62baccbb0cdf1
humanhash: carpet-video-sierra-early
File name: 5dabcdef5b91370b31f8e78058b0d67ed055159e10f3a38bce0df13da5e6166c.sh
File size: 1'889 bytes
First seen: 2026-03-31 14:28:31 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:UXav89jz4Uy0e0wBL9r6X5Kzg02LI/zIL/8uxg9+O:oJ9jzkSwBLZ5zg0yIUEuxgl
TLSH: T1A64154F5F834E830380615E9BDCF31BAAD97D75E56016850A1334C768702A59734F11A
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: JAMESWT_WT
Tags: scan-aquasecurtiy-org sh
URL | Malware sample (SHA256 hash) | Signature | Tags
https://scan.aquasecurtiy.org/upload | n/a | n/a | n/a
https://plug-tab-protective-relay.trycloudflare.com/data | n/a | n/a | n/a
https://api.github.com/user | n/a | n/a | n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: IT
Vendor Threat Intelligence
Gathering data
Status: terminated
Behavior Graph:
pid 3930 /usr/bin/sudo -> pid 3939 /tmp/sample.bin (execve)
pid 3939 /tmp/sample.bin -> pid 3941 /usr/bin/bash (clone)
pid 3939 /tmp/sample.bin -> pid 3943 /usr/bin/cat (execve)
pid 3939 /tmp/sample.bin -> pid 3944 /usr/bin/bash (clone)
pid 3939 /tmp/sample.bin -> pid 3945 /usr/bin/grep (execve)
pid 3941 /usr/bin/bash -> pid 3942 /usr/bin/ls (execve)
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-03-24 00:45:19 UTC
File Type: Text (Shell)
AV detection: 4 of 24 (16.67%)
Threat level: 5/5
Result
Malware family: n/a
Score: 5/10
Tags: credential_access discovery linux
Behaviour
Reads runtime system information
Writes file to tmp directory
Reads process memory
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
