MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 61f5cee28f7d2e28fc08c14ef45db329d43ce2c236d6b8de8b8ac23ead255041. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7


SHA256 hash: 61f5cee28f7d2e28fc08c14ef45db329d43ce2c236d6b8de8b8ac23ead255041
SHA3-384 hash: 9dbb67d61ceb79686919148f294683506dd1d362d41ff7d82865de9e4c5a587da239613a30e06ec1cafd37876c59f85c
SHA1 hash: 4f520685a8728a2c2ebe18e7dff49f0d6416fb1e
MD5 hash: bdc499a381131c4d8d47b5641b4bad60
humanhash: four-fix-foxtrot-indigo
File name: dd.sh
File size: 2'617 bytes
First seen: 2026-03-26 16:10:44 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:afhBvN2ufHMzzkn6DXx3wSxxSEHbTENk7wAV969KpI4QMqENkWjE4UwjgekLLkiD:kvN2ufMPJHsNRkN1WB
TLSH: T1595119FD7D38A1E22DD0B976A3C65742F10121B7E0A40C01F32EF79A8F987A0F090696
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 56
Origin country: DE

Vendor Threat Intelligence
No detections

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: busybox

Verdict: Malicious
File Type: unix shell
First seen: 2026-03-26T13:19:00Z UTC
Last seen: 2026-03-28T06:19:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Process tree recovered from the behavior graph (sandbox run; edge labels are the syscall recorded, network node is 176.65.139.80:80):
/usr/bin/sudo (pid 3812)
    -> execve /tmp/sample.bin (pid 3818)
        -> clone /usr/bin/dash (pid 3820) -> execve /usr/bin/uname (pid 3821)
        -> clone /usr/bin/dash (pid 3822) -> execve /usr/bin/uname (pid 3823)
        -> execve /usr/bin/rm (pid 3826)
        -> execve /usr/bin/wget (pid 3828) [net, send-data]; send: 164B to 176.65.139.80:80
        -> execve /usr/bin/curl (pid 3839) [net, send-data, write-file]; send: 113B to 176.65.139.80:80
        -> execve /usr/bin/chmod (pid 3867)
        -> execve /home/sandbox/db0fa4b8db0333367e9bda3ab68b8042.x64 (pid 3871) [zombie]
        -> clone /usr/bin/dash (pid 3872) -> execve /usr/bin/sleep (pid 3873)
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-03-26 16:11:22 UTC
File Type: Text (Shell)
AV detection: 6 of 24 (25.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 7/10
Tags: antivm defense_evasion discovery linux
Behaviour:
    Reads runtime system information
    System Network Configuration Discovery
    Writes file to tmp directory
    Checks CPU configuration
    File and Directory Permissions Modification
    Executes dropped EXE

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh 61f5cee28f7d2e28fc08c14ef45db329d43ce2c236d6b8de8b8ac23ead255041 (this sample)
Delivery method: Distributed via web download

Comments