MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b4536fb2b282d634be632691690bb99eede7cd0306b9409c982d1880d418aee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	0b4536fb2b282d634be632691690bb99eede7cd0306b9409c982d1880d418aee
SHA3-384 hash:	5f2ec4cc68f83591563b5bfaec3342e25a8f9e1da67093ecffd84f8acf765fdbbdaefeb33cb99faa24d42f18eb721cab
SHA1 hash:	1ae32f8c2705c1d993f7d4af1ccac76c616a2845
MD5 hash:	45b5c4bff7499603a37d5a665b5b4ca3
humanhash:	solar-gee-harry-edward
File name:	weed
Download:	download sample
Signature	Mirai Create hunting rule
File size:	4'574 bytes
First seen:	2024-10-31 10:26:15 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	48:1tLU2BLU+mLUZRdLUyGLUSYqLUFDLUyOGBqgMKtLzg5g2Ng+UgZRhgy0gSYggFHX:1xBAULSQc89O514QzKEgspIplvRQhTFv
TLSH	T1119135BD3A610BB20D91EF1AF361C5A5A053E0D94498CF1875EDB0BCB5BFD46923098B
Magika	shell
Reporter	abuse_ch
Tags:	Hailbot HailCock HailCockBotnet mirai sh

Intelligence

File Origin

# of uploads :

1

# of downloads :

79

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=672481a68d23d90491326783linux22vpnfull_triage

Tags:

phishing trojan agent overt

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67235b7ab9dd804e948d2a25/reports/dfa2a3ee-3d81-4dbb-8f88-67516e4d37a1/overview

Verdict:

Malicious

Labled as:

Linux.Medusa.C.Generic

Link:

https://www.hybrid-analysis.com/sample/0b4536fb2b282d634be632691690bb99eede7cd0306b9409c982d1880d418aee

Result

Verdict:

MALICIOUS

Score:

60%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/0b4536fb2b282d634be632691690bb99eede7cd0306b9409c982d1880d418aee

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0b4536fb2b282d634be632691690bb99eede7cd0306b9409c982d1880d418aee/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2024-10-31 11:08:44 UTC

File Type:

Text (Shell)

AV detection:

18 of 38 (47.37%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bnctn6zlfawwgs7ggjurnef3thxn47gqgbvzicojqliyqdkbrlxa._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/0b4536fb2b282d634be632691690bb99eede7cd0306b9409c982d1880d418aee

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 0b4536fb2b282d634be632691690bb99eede7cd0306b9409c982d1880d418aee

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3192481/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3192466/

URLhaus

https://urlhaus.abuse.ch/url/3192484/

URLhaus

https://urlhaus.abuse.ch/url/3192471/

URLhaus

https://urlhaus.abuse.ch/url/3192483/

URLhaus

https://urlhaus.abuse.ch/url/3192534/

URLhaus

https://urlhaus.abuse.ch/url/3192460/

URLhaus

https://urlhaus.abuse.ch/url/3192475/

URLhaus

https://urlhaus.abuse.ch/url/3267948/

URLhaus

https://urlhaus.abuse.ch/url/3192456/

URLhaus

https://urlhaus.abuse.ch/url/3192465/

URLhaus

https://urlhaus.abuse.ch/url/3192461/

URLhaus

https://urlhaus.abuse.ch/url/3192458/

URLhaus

https://urlhaus.abuse.ch/url/3192436/

URLhaus

https://urlhaus.abuse.ch/url/3192472/

URLhaus

https://urlhaus.abuse.ch/url/3192476/

URLhaus

https://urlhaus.abuse.ch/url/3192463/

URLhaus

https://urlhaus.abuse.ch/url/3192467/

URLhaus

https://urlhaus.abuse.ch/url/3267999/

URLhaus

https://urlhaus.abuse.ch/url/3192469/

URLhaus

https://urlhaus.abuse.ch/url/3192455/

URLhaus

https://urlhaus.abuse.ch/url/3192479/

URLhaus

https://urlhaus.abuse.ch/url/3192473/

URLhaus

https://urlhaus.abuse.ch/url/3192477/

URLhaus

https://urlhaus.abuse.ch/url/3192482/

URLhaus

https://urlhaus.abuse.ch/url/3192470/

URLhaus

https://urlhaus.abuse.ch/url/3192468/

URLhaus

https://urlhaus.abuse.ch/url/3192464/

URLhaus

https://urlhaus.abuse.ch/url/3192459/

URLhaus

https://urlhaus.abuse.ch/url/3192474/

URLhaus

https://urlhaus.abuse.ch/url/3268633/

URLhaus

https://urlhaus.abuse.ch/url/3268635/

URLhaus

https://urlhaus.abuse.ch/url/3268637/

URLhaus

https://urlhaus.abuse.ch/url/3268636/

URLhaus

https://urlhaus.abuse.ch/url/3268638/

URLhaus

https://urlhaus.abuse.ch/url/3268645/

URLhaus

https://urlhaus.abuse.ch/url/3268641/

URLhaus

https://urlhaus.abuse.ch/url/3268640/

URLhaus

https://urlhaus.abuse.ch/url/3268644/

URLhaus

https://urlhaus.abuse.ch/url/3268646/

URLhaus

https://urlhaus.abuse.ch/url/3268643/

URLhaus

https://urlhaus.abuse.ch/url/3268642/

URLhaus

https://urlhaus.abuse.ch/url/3268647/

URLhaus

https://urlhaus.abuse.ch/url/3268648/

URLhaus

https://urlhaus.abuse.ch/url/3268649/

URLhaus

https://urlhaus.abuse.ch/url/3268650/

URLhaus

https://urlhaus.abuse.ch/url/3268653/

URLhaus

https://urlhaus.abuse.ch/url/3268651/

URLhaus

https://urlhaus.abuse.ch/url/3268652/

URLhaus

https://urlhaus.abuse.ch/url/3268654/

URLhaus

https://urlhaus.abuse.ch/url/3268655/

URLhaus

https://urlhaus.abuse.ch/url/3268668/

URLhaus

https://urlhaus.abuse.ch/url/3268674/

URLhaus

https://urlhaus.abuse.ch/url/3268675/

URLhaus

https://urlhaus.abuse.ch/url/3268677/

URLhaus

https://urlhaus.abuse.ch/url/3268678/

URLhaus

https://urlhaus.abuse.ch/url/3268679/

URLhaus

https://urlhaus.abuse.ch/url/3268687/

URLhaus

https://urlhaus.abuse.ch/url/3268689/

URLhaus

https://urlhaus.abuse.ch/url/3268690/

URLhaus

https://urlhaus.abuse.ch/url/3192478/

URLhaus

https://urlhaus.abuse.ch/url/3192462/

URLhaus

https://urlhaus.abuse.ch/url/3192457/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample