MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 3d43bf7b4fd881617e2356ae9394e5cbff5efeddad68e10cc79803ab786e24cf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 8
| SHA256 hash: | 3d43bf7b4fd881617e2356ae9394e5cbff5efeddad68e10cc79803ab786e24cf |
|---|---|
| SHA3-384 hash: | 5423150557d5ae26ac3ffedda18d04be1775688cfb11f94a54f21b42bb5357eb71166b0e5afb6d26dc9ab4a7634b8af0 |
| SHA1 hash: | 0f27043308cd972e5b451ee9e2e5dd2fd3b8ad80 |
| MD5 hash: | ba17d06bf1332a0f5d20ebf600481b50 |
| humanhash: | sodium-mirror-oxygen-artist |
| File name: | huh.sh |
| Download: | download sample |
| File size: | 3'232 bytes |
| First seen: | 2025-01-05 07:46:50 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 96:UgfqwRgY+wRg9kwRgDuwRg+ewRgX0wRgk+wRgo5kwRghcwRg11kwRguqwRgsewR7:Sxik |
| TLSH | T1186190DBB835E6323DA34997B1F543087C568DC993E21E60D6DEED6CC68CC04E488EA1 |
| Magika | shell |
| Reporter |  abuse_ch |
| Tags: | sh |
Shell script dropper
This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.x86 | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.mips | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.mpsl | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.arm | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.arm5 | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.arm6 | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.arm7 | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.ppc | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.m68k | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.spc | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.i686 | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.sh4 | n/a | n/a | n/a |
| http://192.168.1.43/x0ox0ox0oxDefault/z0r0.arc | n/a | n/a | n/a |
Intelligence
File Origin
# of uploads :
1
# of downloads :
81
Origin country :
DEVendor Threat Intelligence
Verdict:
Malicious
Score:
92.5%
Link:
Tags:
medusa virus shell
Verdict:
Likely Malicious
Threat level:
7.5/10
Confidence:
100%
Result
Verdict:
MALICIOUS
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Threat name:
Script-Shell.Downloader.Medusa
Status:
Malicious
First seen:
2025-01-05 07:47:04 UTC
File Type:
Text (Shell)
AV detection:
11 of 23 (47.83%)
Threat level:
3/5
Detection(s):
Suspicious file
Result
Malware family:
n/a
Score:
3/10
Tags:
discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Web download
sh 3d43bf7b4fd881617e2356ae9394e5cbff5efeddad68e10cc79803ab786e24cf
(this sample)
Delivery method
Distributed via web download
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.