MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 304d09035c2a6d68710fe95957548d7f1acd9bfe89423656ae63589f27096ede. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	304d09035c2a6d68710fe95957548d7f1acd9bfe89423656ae63589f27096ede
SHA3-384 hash:	383d63c29eea44c339f8afab6807eb47838af587a5ebdac821660bd6c4e40c1b863d21b1aecf5625477e297ae75c3456
SHA1 hash:	2211da0d92fea38dbf3bbd8891a374f3ead52b9d
MD5 hash:	501087e2b02db04a9d534dfcfd47d2c7
humanhash:	alpha-enemy-bluebird-mountain
File name:	irz
Download:	download sample
Signature	Mirai Create hunting rule
File size:	4'670 bytes
First seen:	2024-12-03 20:00:39 UTC
Last seen:	2024-12-04 05:35:35 UTC
File type:	sh
MIME type:	text/plain
ssdeep	96:1xHGaLIqceXXt5jOuzYGg2zX6lxXVtOTFv:Z/Xt5jOuzYN2zX6zXVtOTFv
TLSH	T10AA1B3D8BAD25F324D52DF18F32286D97062E4860460CF19A4EB70BCFDBEE4AE214547
Magika	shell
Reporter	abuse_ch
Tags:	HailCock HailCockBotnet mirai sh

Intelligence

File Origin

# of uploads :

2

# of downloads :

77

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=674febb6bc8c6beb3075889clinux22vpnfull_triage

Tags:

agent hype sage

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug busybox expand lolbin remote

Link:

https://www.filescan.io/uploads/674f63821b2b810869e142ae/reports/4abdc892-02ba-4665-a8d4-4b51f0e0a40d/overview

Verdict:

Malicious

Labled as:

Linux.Medusa.C.Generic

Link:

https://www.hybrid-analysis.com/sample/304d09035c2a6d68710fe95957548d7f1acd9bfe89423656ae63589f27096ede

Score:

50%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/304d09035c2a6d68710fe95957548d7f1acd9bfe89423656ae63589f27096ede

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/304d09035c2a6d68710fe95957548d7f1acd9bfe89423656ae63589f27096ede/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2024-12-03 20:02:01 UTC

File Type:

Text (Shell)

AV detection:

18 of 38 (47.37%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=gbgqsa24fjwwq4ip5fmvovenp4nm3g76rfbdmvvomnmj6jyjn3pa._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/304d09035c2a6d68710fe95957548d7f1acd9bfe89423656ae63589f27096ede

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 304d09035c2a6d68710fe95957548d7f1acd9bfe89423656ae63589f27096ede

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3192465/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3192436/

URLhaus

https://urlhaus.abuse.ch/url/3192475/

URLhaus

https://urlhaus.abuse.ch/url/3192476/

URLhaus

https://urlhaus.abuse.ch/url/3192459/

URLhaus

https://urlhaus.abuse.ch/url/3192484/

URLhaus

https://urlhaus.abuse.ch/url/3192457/

URLhaus

https://urlhaus.abuse.ch/url/3192478/

URLhaus

https://urlhaus.abuse.ch/url/3192463/

URLhaus

https://urlhaus.abuse.ch/url/3192458/

URLhaus

https://urlhaus.abuse.ch/url/3289070/

URLhaus

https://urlhaus.abuse.ch/url/3289073/

URLhaus

https://urlhaus.abuse.ch/url/3192471/

URLhaus

https://urlhaus.abuse.ch/url/3192456/

URLhaus

https://urlhaus.abuse.ch/url/3192472/

URLhaus

https://urlhaus.abuse.ch/url/3192477/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample