MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dc0b6b8da9faf4537530ee3fe77ccc916d1e3eb8710ae81f3d7ded795ebcc8ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: dc0b6b8da9faf4537530ee3fe77ccc916d1e3eb8710ae81f3d7ded795ebcc8ee
SHA3-384 hash: adb5423d2b9bcff416147eb20bbf0a87ead86b69ede86b016ac701cfc874fb8ac56249babd41e5a8195b9db6f9b7d278
SHA1 hash: f8d12bf900d28a9730096914ad77d77eafe72187
MD5 hash: cb0c4c41fb2f71e4af30def88b3b422c
humanhash: sierra-gee-lima-bacon
File name: d.sh
File size: 5'113 bytes
First seen: 2026-01-24 15:32:34 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 96:CaNFbsjjmb3xyrdc+ZNzp3oOUZ5dq8f/R4RZ0SrPWUXVuqPwat:CPcnIukWUr
TLSH T153B1E38A12921C703DD299673265878C7187B0F756ED6F50F8CCF9A64BACE14E421367
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 41
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai
Verdict: Malicious
File Type: unix shell
First seen: 2026-01-19T12:51:00Z UTC
Last seen: 2026-01-25T12:54:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 3394) -> execve -> /tmp/sample.bin (pid 3402)
/tmp/sample.bin (pid 3402) -> execve -> /usr/bin/uname (pid 3403)
/tmp/sample.bin (pid 3402) -> execve -> /usr/bin/uname (pid 3405)
/tmp/sample.bin (pid 3402) -> execve -> /usr/bin/rm (pid 3407)
/tmp/sample.bin (pid 3402) -> execve -> /usr/bin/wget (pid 3409) [net, send-data, write-file]
/usr/bin/wget (pid 3409) -> send: 143B -> 151.243.213.58:80
/tmp/sample.bin (pid 3402) -> execve -> /usr/bin/chmod (pid 3430)
/tmp/sample.bin (pid 3402) -> execve -> /tmp/sys64.x86_64 (pid 3432)
/tmp/sys64.x86_64 (pid 3432) -> clone -> /tmp/sys64.x86_64 (pid 3433) [dns, net, send-data, zombie]
/tmp/sys64.x86_64 (pid 3433) -> send: 28B -> 8.8.8.8:53
/tmp/sys64.x86_64 (pid 3433) -> send: 14B -> y.hxhk.xyz:8033
/tmp/sample.bin (pid 3402) -> execve -> /usr/bin/rm (pid 3434) [delete-file]
/tmp/sample.bin (pid 3402) -> execve -> /usr/bin/rm (pid 3437) [delete-file]
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-01-24 13:58:52 UTC
File Type: Text (Shell)
AV detection: 12 of 36 (33.33%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery linux
Behaviour
System Network Configuration Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh dc0b6b8da9faf4537530ee3fe77ccc916d1e3eb8710ae81f3d7ded795ebcc8ee (this sample)

Delivery method: Distributed via web download
