MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d9dc90fd23cd2ad5e5a1b9df65d36f5328e0bfec7c278b2b6010d9812012ec5a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	d9dc90fd23cd2ad5e5a1b9df65d36f5328e0bfec7c278b2b6010d9812012ec5a
SHA3-384 hash:	339fcf7f5ac7c09d7bbbf7f9570fea14bf6db39cf6c66172ea6f08ab04ff67e38b119a4f1c84cbc120f379bbc266cf37
SHA1 hash:	680f6aeaf49f5bd696d21620a513867d4007a128
MD5 hash:	1604f67457cae93d80cea39cca3b2e55
humanhash:	lima-oscar-hydrogen-paris
File name:	b.sh
Download:	download sample
File size:	3'668 bytes
First seen:	2025-12-10 13:47:13 UTC
Last seen:	2025-12-13 06:31:23 UTC
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:0/DZe19PpRAcqxh6yiJKcz1qDK1oH6aOu7AYTip8PB7om/faJ/llwMnD/j70OH:4I19PvqhiJKI1Foai9TioUcoiMPIs
TLSH	T1557111E5BDA2ED267F0D5028BDD94A837C5B2F7A460DBE136082686A707C14C71F8934
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	smica83
Tags:	check-office365-update-com sh

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

45

Origin country :

HU

Vendor Threat Intelligence

ACCE Unknown

No detections

FileScan.IO Suspicious

Verdict:

Suspicious

Threat level:

  5/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/693979e31eac7b9b76a3d985/reports/77e4ed71-835a-410f-bb59-fc78c22d0467/overview

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-12-10T12:34:00Z UTC

Last seen:

2025-12-11T06:23:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/d9dc90fd23cd2ad5e5a1b9df65d36f5328e0bfec7c278b2b6010d9812012ec5a/results?tab=lookup

Kunai Sandbox

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/448dae64-2196-4229-b446-9a822c3a593f

Nucleon Malprob Benign

Score:

16%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/d9dc90fd23cd2ad5e5a1b9df65d36f5328e0bfec7c278b2b6010d9812012ec5a

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/d9dc90fd23cd2ad5e5a1b9df65d36f5328e0bfec7c278b2b6010d9812012ec5a/

ReversingLabs TitaniumCloud Win32.Trojan.Vigorf

Threat name:

Win32.Trojan.Vigorf

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-12-08 08:48:05 UTC

File Type:

Text (Shell)

AV detection:

4 of 24 (16.67%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=3hojb7jdzuvnlznbxhpwlu3pkmuobp7mpqtywk3acdmycias5rna._file

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  6/10

Tags:

discovery linux

Link:

https://tria.ge/reports/251210-q3mn3s1qhv/

Behaviour

Reads runtime system information

Reads CPU attributes

Enumerates running processes

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

0.70

Link:

https://yomi.yoroi.company/submissions/d9dc90fd23cd2ad5e5a1b9df65d36f5328e0bfec7c278b2b6010d9812012ec5a

Comments

---

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

commented on 2025-12-11 15:56:39 UTC

Payload URLs:
http://194.38.11.3:1790/sshd64
http://194.38.11.3:1790/sshd32