MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a2f8d572747b402a749797532bd9406cf0134d4708012b1db3dfd8957c99e9a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: a2f8d572747b402a749797532bd9406cf0134d4708012b1db3dfd8957c99e9a0
SHA3-384 hash: fc1581bf0af710374810abbbf42210439a23d1b4fe3930830c5561d1f8f1c664cdee3390f69c3d1cb29e006ecc812127
SHA1 hash: 155b3cfe04466d781cf93dbf5dc666973c0ea5ae
MD5 hash: 988a8c823aa1d9d2624d8237ac1f73ef
humanhash: neptune-wolfram-summer-mississippi
File name: tftp.sh
File size: 1'487 bytes
First seen: 2026-05-28 12:05:19 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:imNEBvi1+maBFBvK9htmTNTtqBvTm7TQmiJ1BvWPZ7B/m8LQEByTvDp8QW3tqBVC:imNoviQmaB7v8htmJcvIsmgLvAZF/J5f
TLSH: T198316EC015D53A7ECCD4941B6A43607D207E78C91F2B2EC4DDEA78C8E798692F660D0D
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: BlinkzSec

Intelligence


File Origin
# of uploads: 1
# of downloads: 46
Origin country: SE
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph:
[Process graph: /usr/bin/sudo (pid 1333) execve /tmp/sample.bin (pid 1337); pid 1337 starts /usr/bin/busybox children via execve and /usr/bin/dash children via clone; five of the busybox processes (pids 1338, 2533, 3985, 5272, 5315) send data to 176.65.139.164:69 (276B, 288B, 288B, 288B, 264B).]
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-05-28 11:56:12 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour
System Network Configuration Discovery
Writes file to tmp directory
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
