MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4880ba6c4d19629349f8d7621e6211f858cbfc57d0832807e11a4e68b3216dd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	c4880ba6c4d19629349f8d7621e6211f858cbfc57d0832807e11a4e68b3216dd
SHA3-384 hash:	4f00584f82f12df1bbf48cf6b39e830f483787df2bc21718cf901dd2692fa7a4a0c010d14ced6144c98142e8c72cf3eb
SHA1 hash:	a53fca2a3f64f7d0065220ae1b2a30a251510174
MD5 hash:	51eb958850d26d794b11b51e17eb8224
humanhash:	football-oven-purple-hotel
File name:	router.zyxel.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	1'337 bytes
First seen:	2025-08-19 19:13:15 UTC
Last seen:	2025-08-20 12:30:44 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:Ktv60EtaLld6zEt16CEtXWzUf6KMtXTmz6KYEtqaOEd61tR6ZtX6nt5Vd6ttCt/N:30gzPCxRzjHbQ2CKt/e3J/zgIiJea
TLSH	T1E721F59EA85C7105F1F9CB91B813D7809F4DC5A79DD02F01A78C7836C78ED04F925A89
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

---

File Origin

# of uploads :

3

# of downloads :

26

Origin country :

DE

Vendor Threat Intelligence

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/6e1191c4-c344-4a61-a0f3-145e6882263b

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/c4880ba6c4d19629349f8d7621e6211f858cbfc57d0832807e11a4e68b3216dd

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c4880ba6c4d19629349f8d7621e6211f858cbfc57d0832807e11a4e68b3216dd/

Neiki Trojan-Downloader.Shell.Agent

Verdict:

Malicious

Threat:

Trojan-Downloader.Shell.Agent

Link:

https://tip.neiki.dev/file/c4880ba6c4d19629349f8d7621e6211f858cbfc57d0832807e11a4e68b3216dd

ReversingLabs TitaniumCloud Linux.Trojan.Vigorf

Threat name:

Linux.Trojan.Vigorf

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-08-17 23:38:21 UTC

File Type:

Text (Shell)

AV detection:

18 of 38 (47.37%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yseaxjwe2glcsne7rv3cdzrbd6cyzp6fpuedfad6cgsonczsc3oq._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250819-xxa7esfq81/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/c4880ba6c4d19629349f8d7621e6211f858cbfc57d0832807e11a4e68b3216dd