MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60ac549d814ada70e9097a69f70f3529a91b90c01c3ee02d2bda770c054c14e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Xorbot


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 60ac549d814ada70e9097a69f70f3529a91b90c01c3ee02d2bda770c054c14e7
SHA3-384 hash: 630ab1e5e35e19c44094f5e9b341366f648da8ca30f0ad32ad1429e0135d7ad9b8a391cbdeac6302f70191bfcc819e84
SHA1 hash: 6b1e1c5342019f456f59212da2a1a2cd6917ae4d
MD5 hash: 8732b7413636548a4753e87e9bc2a364
humanhash: indigo-blossom-august-december
File name:.shell
Download: download sample
Signature Xorbot
Create hunting rule
File size:211 bytes
First seen:2025-03-13 02:06:42 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 6:lOnFflHMDoVLUDVlJoVLUDVHoVLUDVlM9Kd:KMnRlJRTRlM9Q
TLSH T114D0C9CA945159F099C0C9FD35E2B95064514299DCC18B158ADFBCE04848E8C3048E51
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://77.90.153.218/bins.sha6be12c3c8dd2355975f18dbeb450c1130df50f893548282b427c4933e1f15cf Xorbotsh ua-wget Xorbot

Intelligence

File Origin
# of uploads :
1
# of downloads :
138
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
97.4%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67d287e23962f1a6f470b6c1linux22vpnfull_triage
Tags:
trojan agent shell
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox evasive
Link:
https://www.filescan.io/uploads/67d23dd04a3011c802cefbfe/reports/8d3fba2c-e1db-47db-a91e-bc1fbe1143d8/overview
Verdict:
Malicious
Labled as:
Linux/TrojanDownloader.SH
Link:
https://www.hybrid-analysis.com/sample/60ac549d814ada70e9097a69f70f3529a91b90c01c3ee02d2bda770c054c14e7
Result
Verdict:
UNKNOWN
Score:
10%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/60ac549d814ada70e9097a69f70f3529a91b90c01c3ee02d2bda770c054c14e7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/60ac549d814ada70e9097a69f70f3529a91b90c01c3ee02d2bda770c054c14e7/
Threat name:
Script.Trojan.Boxter
Create hunting rule
Status:
Malicious
First seen:
2025-03-13 00:39:35 UTC
File Type:
Text (Shell)
AV detection:
5 of 38 (13.16%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mcwfjhmbjlnhb2ijpju7odzvfgurxegadq7oaljl3j3qybkmcttq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250313-hqdxeazmv6/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/60ac549d814ada70e9097a69f70f3529a91b90c01c3ee02d2bda770c054c14e7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Xorbot

sh 60ac549d814ada70e9097a69f70f3529a91b90c01c3ee02d2bda770c054c14e7

(this sample)

Mirai

elf dd01a1365a9f35501e09e0144ed1d4d8b00dcf20aa66cf6dc186e94d7dbe4b47

Xorbot

sh a6be12c3c8dd2355975f18dbeb450c1130df50f893548282b427c4933e1f15cf

  
URLhaus
https://urlhaus.abuse.ch/url/3400388/
  
Delivery method
Distributed via web download
  
Dropping
MD5 2d3354e4454c0aa1442c15ae4db570d7
  
Dropping
SHA256 a6be12c3c8dd2355975f18dbeb450c1130df50f893548282b427c4933e1f15cf

Comments