MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e0478c41f0db6ca3ebfab4395a3cbacf7916dfc17b3ef8bf4a1cd3bac87dfc60. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: e0478c41f0db6ca3ebfab4395a3cbacf7916dfc17b3ef8bf4a1cd3bac87dfc60
SHA3-384 hash: a6e4eef4732a380726ece32f1b142d7289ec582cfeff616c0a3fe32e6f7a6659dede902e546464bba89897fb2912719a
SHA1 hash: d9cfe8977934c7cf762eb5683010d2a3284b09f0
MD5 hash: 69762b148c5bd84c6acad2333d6638ad
humanhash: missouri-mobile-kitten-black
File name: c.sh
File size: 1'140 bytes
First seen: 2025-09-04 09:05:58 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:3J3UdIdvHdIdidIdxNIOdIdAKcdIdbdIdgdIdLTDkUdIdotdIdTkdId1dId95dIk:WnmDg
TLSH: T14A215BFE33BD9582AB290A8870765018A1C6C2D377A89781F33C54216D9D2CD6E25B37
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: ps1
First seen: 2025-09-04T06:42:00Z UTC
Last seen: 2025-09-04T06:42:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph: /usr/bin/sudo (pid 3244) --execve--> /tmp/sample.bin (pid 3249) --execve--> /usr/bin/curl (pid 3251, net) --con--> 41.216.189.108:80
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2025-09-04 08:59:22 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh e0478c41f0db6ca3ebfab4395a3cbacf7916dfc17b3ef8bf4a1cd3bac87dfc60

(this sample)

  
Delivery method: Distributed via web download
