MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed687091ba91fa8931c2ef5666cfee269231bfc1dd0b6f590833b69da4b9ec21. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ed687091ba91fa8931c2ef5666cfee269231bfc1dd0b6f590833b69da4b9ec21
SHA3-384 hash: 441848c5f04f8d96f9f9dfaa345c1c228a6eb629a91dda865aa8e842667840e9c4b9e5ff405bb1f9842e540b57051c31
SHA1 hash: 1628af9beba63cde4359064aaa5505a25a950312
MD5 hash: 5ff5ead32d4b9350538708ef367e5aca
humanhash: eighteen-comet-eleven-saturn
File name:cat.sh
Download: download sample
File size:1'181 bytes
First seen:2026-05-28 11:51:19 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:bmdTY2WF1Jr02L7TY2Lo1Jr02eOBt2LIOBt2O3NtOt2Lk3NtOt25j:bMT7i1JbL7T7Lo1JbeOBALIOBAwXLGXl
TLSH T15A21D3F1D29422B3A5A9803E7781E564258140F34C87FC7CBC1CAA21AFC269DB6356F1
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter BlinkzSec
URLMalware sample (SHA256 hash)SignatureTags
http://176.65.139.220/bins/n/an/an/a

Intelligence

File Origin
# of uploads :
1
# of downloads :
19
Origin country :
SE SE
Vendor Threat Intelligence
No detections
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-05-28T09:18:00Z UTC
Last seen:
2026-05-30T02:27:00Z UTC
Hits:
~10
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p
Link:
https://opentip.kaspersky.com/ed687091ba91fa8931c2ef5666cfee269231bfc1dd0b6f590833b69da4b9ec21/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/08a85a68-4f56-43af-91a8-aad06509aaf1
Behavior Graph:
Download SVG
%3 guuid=acc28b54-2300-0000-d66e-0e926f0b0000 pid=2927 /usr/bin/sudo guuid=2d683d57-2300-0000-d66e-0e92760b0000 pid=2934 /tmp/sample.bin guuid=acc28b54-2300-0000-d66e-0e926f0b0000 pid=2927->guuid=2d683d57-2300-0000-d66e-0e92760b0000 pid=2934 execve
Score:
70%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/ed687091ba91fa8931c2ef5666cfee269231bfc1dd0b6f590833b69da4b9ec21
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ed687091ba91fa8931c2ef5666cfee269231bfc1dd0b6f590833b69da4b9ec21/
Verdict:
Malicious
Threat:
Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/ed687091ba91fa8931c2ef5666cfee269231bfc1dd0b6f590833b69da4b9ec21
Threat name:
Win32.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2026-05-28 11:49:26 UTC
File Type:
Text (Shell)
AV detection:
12 of 37 (32.43%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5vuhben2sh5ismoc55lgnt7oe2jddp6b3ufw6wiigo3j3jfz5qqq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260528-n15e1aes8k/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ed687091ba91fa8931c2ef5666cfee269231bfc1dd0b6f590833b69da4b9ec21

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments