MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7e3eb05cd276cfeb39bf38e80f5a74ceda0352ee15d53ea63c11e1d0cac52428. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 7e3eb05cd276cfeb39bf38e80f5a74ceda0352ee15d53ea63c11e1d0cac52428
SHA3-384 hash: dbcee36f0b19edc386452c11bee2a2834e7f46a384f81e9c57e78652252ec9fc1699073aa1451e182e0b19277e8270e8
SHA1 hash: 41cccf0e359a7fad58ef52ab1dfe4e21934a2276
MD5 hash: 3e93ae814da32d7843652161186038eb
humanhash: connecticut-river-eleven-carbon
File name: a
File size: 875 bytes
First seen: 2025-04-21 08:18:56 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:AGC9gfcy5QhyQhTxfQhRmKkOy52TCGrtx74lw4MzJhFZ3p4cVjDUZ9D0:AGWLy5QhyQh9QhNkO55xGGhzbXUY
TLSH: T14511C04129001A6142EEC4AD17CF200D768694AF76047F10A3FF3A692B52C96B3E92DF
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 115
Origin country: DE

Vendor Threat Intelligence
Verdict: Suspicious
Threat level: 5/10
Confidence: 100%
Tags: busybox
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2025-04-21 08:19:14 UTC
File Type: Text (Shell)
AV detection: 9 of 38 (23.68%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour
Reads runtime system information
File and Directory Permissions Modification
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 7e3eb05cd276cfeb39bf38e80f5a74ceda0352ee15d53ea63c11e1d0cac52428 (this sample)

Delivery method: Distributed via web download

Comments



commented on 2025-04-21 14:14:46 UTC

IOCs:
http:/ 160[.]191[.]243[.]33/$file_name
($file_name options are most-arm7, most-x86, most-x86_64)
These resulting downloads from the IP are very Mirai-esque!
Android exploit
Vietnamese language used in script