MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142
SHA3-384 hash: 931cc7c5c50180d58b13008c0116f53d324f85d28ce81258a7f782608a6e7bfa9048fc6310fe580e25dbc05837019116
SHA1 hash: 783b4019fc5b942a29846132d28441c8fc31bed8
MD5 hash: b06b126b9e26af03a7ef2f8b8e90d446
humanhash: washington-lake-montana-sierra
File name:cat.py
Download: download sample
File size:8'081 bytes
First seen:2026-05-21 07:41:47 UTC
Last seen:2026-05-21 07:46:14 UTC
File type:
MIME type:text/x-script.python
ssdeep 96:L2V79jNRLZ1e/MJUJga1wXn3J3WSOGb6eYPd3ZUPtW6i:La9LZ4/MJxKM3RW4bzGxZ0tvi
TLSH T125F18455ED466C11C6D2C579689B9093966BF8075E0A6838F8FC93341F4E03C82B9EBF
TrID 70.0% (.) Unix-like shebang (var.1) (gen) (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika python
Reporter 500mk500
Tags:py ShaiHulud


Avatar
500mk500
Refs:

https://www.stepsecurity.io/blog/nx-console-vs-code-extension-compromised
https://www.microsoft.com/en-us/security/blog/2026/05/20/mini-shai-hulud-compromised-antv-npm-packages-enable-ci-cd-credential-theft/

Intelligence

File Origin
# of uploads :
3
# of downloads :
15
Origin country :
UA UA
Vendor Threat Intelligence
No detections
Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6a0ef36b4159ce11f6024d0a
Tags:
n/a
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/6a0ef366875badc3b3900ff6/reports/c0250364-9b87-4fe5-bb54-b5cdbecf5848/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142
Verdict:
Malicious
File Type:
unix shell
First seen:
2026-05-20T11:08:00Z UTC
Last seen:
2026-05-20T11:20:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142/results?tab=lookup
Score:
21%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/fb5c97557230a27460fdab01fafcfabeaa49590bafd5b6ef30501aa9e0a51142
Gathering data
Threat name:
Script-Python.Backdoor.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2026-05-20 14:06:00 UTC
File Type:
Text (Python)
AV detection:
9 of 23 (39.13%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7nojovlsgcrhiyh5vma7v7h2x2veswilv7k3n3zqkanktyffcfba._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery execution linux
Link:
https://tria.ge/reports/260521-n5dsvaes31/
Behaviour
Command and Scripting Interpreter: Python
Command and Scripting Interpreter: Unix Shell
Reads runtime system information
System Network Configuration Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Base64_decoding
Create hunting rule
Author:iam-py-test
Description:Detect scripts which are decoding base64 encoded data (mainly Python, may apply to other languages)

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://x.com/patrickwardle/status/2057295568947277941

Comments