MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cf1320b7b2f57c565d6248a760bbf34b0c69341b65a080938b12df88e061077c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


MooBot


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: cf1320b7b2f57c565d6248a760bbf34b0c69341b65a080938b12df88e061077c
SHA3-384 hash: 7324157a7694832e373fc5694d1084de1d03d53595e8c932464cdfe98e36e21b83a94f41b804261435f91d2d2c7ec701
SHA1 hash: 7731449d95734ba81a96bcee286886e716f96c33
MD5 hash: 175cf95f9f58d11e5765bf559b5e8eb6
humanhash: chicken-princess-nineteen-don
File name:w.sh
Download: download sample
Signature MooBot
Create hunting rule
File size:3'714 bytes
First seen:2026-03-20 23:35:56 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 48:z2AYAdIGKvlLHH3pB0kKGARvjdDtt9i1lwiXl9ptTf0gmwI8chFcczFE4CEEyr12:6jvVn
TLSH T1627163F8F9B49932314EDA2DB3680994998F5DBB38F83978D59B8D11290D848730DB73
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter darknomad
Tags:ADB dropper mirai Moobot multi-arch sh
URLMalware sample (SHA256 hash)SignatureTags
http://121.37.40.52/a1e1cf2f14dd48f5be6019831491ce4ae71e6d55061da02baf30b9263d5e889c7 Miraielf mirai
http://121.37.40.52/s5b70a2722060b5ca6e91c699acfe09404303ef84411a2abba4bab5b017d86ff6 Miraielf mirai
http://121.37.40.52/d5df0de498faf4f98e608e4ef86474e8b706551aaf386ff85e9ab7613d11f36b0 Miraielf gafgyt mirai
http://121.37.40.52/fb9d45e38b403321e3732e180051192c50c0e8eda63de6bd67ae056c0b5ed56e4 Miraielf mirai
http://121.37.40.52/g77d820cc5f0aa6d8b0564991fe42f705bd42ba8bc57c5c1177142534f2239c65 Miraielf mirai
http://121.37.40.52/h6a86cc8a48f3466f55bb73533ad3c44f555575505a7fb9b4142dd6df3a336404 Miraielf mirai
http://121.37.40.52/j9ff2f4873bbe69d63f49571a747c6d928ebd872c317b01486d94a845f9c0d0af Miraielf mirai
http://121.37.40.52/k1d61e4b9490bd6d9ae2dc75c3a029e284bb0dba5578b0b1f607e0c5b70423204 Miraielf mirai
http://121.37.40.52/ln/an/aelf mirai
http://121.37.40.52/qe87f036b421f3d4cad02a6bda6de7786166d7e87ea64096e100eeea658d5aeff Miraielf mirai
http://121.37.40.52/wcda7bf0cf0d7fabe15cc22e32dee56ae3217e6c86176e3436a07c34f829fcd38 Miraielf mirai
http://121.37.40.52/e7c4970bcfa5e69e3056b3e8bb4d199a529e1591afbd45e41db3c809085a8f620 Miraielf mirai
http://121.37.40.52/rc6cf3e38335114df33a9add8d25c13324598ab14dcac4d464f964cf8ec5bd7aa Miraielf mirai
http://121.37.40.52/t27777a449104d410d1d076bfc449945a0b9369206efc2b12bb9e830d7689d470 Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
53
Origin country :
CO CO
Vendor Threat Intelligence
No detections
Gathering data
Verdict:
Malicious
File Type:
unix shell
Detections:
HEUR:Trojan-Downloader.Shell.Agent.a HEUR:Trojan-Downloader.Shell.Agent.p
Link:
https://opentip.kaspersky.com/cf1320b7b2f57c565d6248a760bbf34b0c69341b65a080938b12df88e061077c/results?tab=lookup
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/cf1320b7b2f57c565d6248a760bbf34b0c69341b65a080938b12df88e061077c
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/cf1320b7b2f57c565d6248a760bbf34b0c69341b65a080938b12df88e061077c/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/cf1320b7b2f57c565d6248a760bbf34b0c69341b65a080938b12df88e061077c
Threat name:
Win32.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2026-03-20 16:06:17 UTC
File Type:
Text (Shell)
AV detection:
6 of 24 (25.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=z4jsbn5s6v6fmxlcjctwbo7tjmggsna3mwqibe4lclpyrydba56a._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260320-3lnw2ady5z/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.09
Link:
https://yomi.yoroi.company/submissions/cf1320b7b2f57c565d6248a760bbf34b0c69341b65a080938b12df88e061077c

File information

The table below shows additional information about this malware sample such as delivery method and external references.

MooBot

sh cf1320b7b2f57c565d6248a760bbf34b0c69341b65a080938b12df88e061077c

(this sample)

Mirai

elf 1e1cf2f14dd48f5be6019831491ce4ae71e6d55061da02baf30b9263d5e889c7

  
Dropping
MD5 fe6fb5cbd1bc99f5bcc36012d9b3badf
  
Dropping
SHA256 1e1cf2f14dd48f5be6019831491ce4ae71e6d55061da02baf30b9263d5e889c7

Comments