MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0e5b153a573e7485399441a732086b4da1d72c101a4a9d6b0906f23f09d96bc0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0e5b153a573e7485399441a732086b4da1d72c101a4a9d6b0906f23f09d96bc0
SHA3-384 hash: 0c7f9aa27f2ca081b4ae0620452e43692e0e0cce90d4285049e67457eff364f92fdf2c1eb86932f7a8181844068d0b41
SHA1 hash: 595701ef86735adeacf38d25a973f8e531d93869
MD5 hash: 8f97a78877ba3064a4ac406871b91b2a
humanhash: twelve-grey-vermont-river
File name:be
Download: download sample
File size:482 bytes
First seen:2025-04-25 12:42:57 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 12:oSFnaqSrgnGST6MScYJSnNN6SsDNN69zSFnaA:ofq6x4WJcogzfA
TLSH T1B5F089DE3202A316C82AAD7CA067F988B837C9D516C21F472C8C1679D5CCE607C34AD5
Magika txt
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.188.82.240/ngmips3eae873cfc0e77ba60b0aedd75999fe5eab630ea57978d173f5939f5d5682940 Gafgytelf gafgyt geofenced mirai ua-wget USA
http://103.188.82.240/ngmpsl90eedf6f8a2582d2e20f22c3b65e285091f43e6d916b4cbdb436ca85c03250d6 Miraielf geofenced mirai ua-wget USA
http://103.188.82.240/arm7n/an/aelf geofenced mirai ua-wget USA
http://103.188.82.240/arm508d7b62f436fb2251390489b8010042899ced06292fe94f99d207ed38a413875 Miraielf geofenced mirai ua-wget USA
http://103.188.82.240/waaow_a_x86_bin_how_cool_is_that_YIPEEEn/an/aelf geofenced ua-wget USA

Intelligence

File Origin
# of uploads :
1
# of downloads :
68
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=680bafe83d067f84839948e0linux22vpnfull_triage
Tags:
phishing mirai
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/680b835d212716475faee643/reports/981958a2-d00c-4aa0-a2d2-2638040d5fa3/overview
Verdict:
Malicious
Labled as:
Linux.Medusa.D.Generic
Link:
https://www.hybrid-analysis.com/sample/0e5b153a573e7485399441a732086b4da1d72c101a4a9d6b0906f23f09d96bc0
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/0e5b153a573e7485399441a732086b4da1d72c101a4a9d6b0906f23f09d96bc0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0e5b153a573e7485399441a732086b4da1d72c101a4a9d6b0906f23f09d96bc0/
Threat name:
Linux.Trojan.Medusa
Create hunting rule
Status:
Malicious
First seen:
2025-04-25 15:43:15 UTC
File Type:
Text (Shell)
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bznrkosxhz2ikomuigttecdljwq5olaqdjfj22yja3zd6coznpaa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250425-s52bcsymv3/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/0e5b153a573e7485399441a732086b4da1d72c101a4a9d6b0906f23f09d96bc0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 0e5b153a573e7485399441a732086b4da1d72c101a4a9d6b0906f23f09d96bc0

(this sample)

Mirai

elf 1d19f1c237dd347fdab214d49246b665b45326f9bb238fbc98aaf1cbded16660

  
URLhaus
https://urlhaus.abuse.ch/url/3524645/
  
Delivery method
Distributed via web download
  
Dropping
MD5 5ac75f5a2b4981ef71446dc3aab7ce03
  
Dropping
SHA256 1d19f1c237dd347fdab214d49246b665b45326f9bb238fbc98aaf1cbded16660

Comments