MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61b7c0fce00635d5f464047012896695dc5e1cb68e944c48322cea54a6037dfd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 61b7c0fce00635d5f464047012896695dc5e1cb68e944c48322cea54a6037dfd
SHA3-384 hash: 3f6c29ab87d54aaf712bb34be99109d5c57725d2360dd277aa1a0cd4d5b1efe84d863b35543e28560dbf678391313503
SHA1 hash: ad66a697b4566c9acac090c3cd824f96a621873b
MD5 hash: 7dd45372f2d1de1361592b4583a4fa8b
humanhash: vermont-mirror-early-maryland
File name: WSW0
File size: 266 bytes
First seen: 2026-06-30 06:52:46 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hT9pX6YnogcNt1zS3784wAulNXYq9DG+NjVsNXYrkJ:V9pXMgclG3ZwPiq9DGmKi2
TLSH: T130D097A355B3017000B30C44F1C2B992F041837F9E5AD42DB91332305F0520AF0E06A0
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

URL: http://216.107.139.197/
Malware sample (SHA256 hash): n/a
Signature: n/a
Tags: n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 58
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: downloader
Verdict: Malicious
File Type: unix shell
First seen: 2026-06-30T04:01:00Z UTC
Last seen: 2026-07-02T01:44:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-06-30 06:53:34 UTC
File Type: Text (Shell)
AV detection: 10 of 23 (43.48%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm credential_access defense_evasion linux
Behaviour:
  Writes file to tmp directory
  Checks CPU configuration
  File and Directory Permissions Modification
  Executes dropped EXE
  OS Credential Dumping
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh 61b7c0fce00635d5f464047012896695dc5e1cb68e944c48322cea54a6037dfd (this sample)
Delivery method: Distributed via web download
