MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f0a09b60b46ea22b69eec2a47caf22345b2c01e9e42969c1a0d5f1cf227e7af7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: f0a09b60b46ea22b69eec2a47caf22345b2c01e9e42969c1a0d5f1cf227e7af7
SHA3-384 hash: c24e72bffb33256e1ea296204a36ddc5d750ef80ce144f01f68b8e87e9ab85e3424554a21c60bb23130e5ae570670e4d
SHA1 hash: 21dec78b1a02c4b6114ca06601e76c5be7c4f175
MD5 hash: 12c7dc413a213a22f031fb30652e1e16
humanhash: wisconsin-ceiling-wyoming-nevada
File name: cat.sh
File size: 801 bytes
First seen: 2026-04-11 23:08:47 UTC
Last seen: 2026-05-15 06:53:04 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:jcBnKTlyORkOuzIzm8MUfSSlpqI9fne3mr:jiilyORkOWIzm8MUl0ypr
TLSH: T14B01411B60F700912784707BCF4D760C30C9387B75518D7434403AB6BDCBC0804525A8
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
TrID: 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 4
# of downloads: 46
Origin country: DE
Vendor Threat Intelligence
No detections
Gathering data
Verdict: Malicious
File Type: unix shell
First seen: 2026-04-11T20:33:00Z UTC
Last seen: 2026-04-12T00:28:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph:
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-04-11 23:09:42 UTC
File Type: Text (Shell)
AV detection: 6 of 23 (26.09%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Reads CPU attributes
Enumerates running processes
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh f0a09b60b46ea22b69eec2a47caf22345b2c01e9e42969c1a0d5f1cf227e7af7 (this sample)

Delivery method: Distributed via web download

Comments