MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b8380e2cd7a2164e8efa0bac32eda97f8b81084e6ba90d44a59d357b9461b6af. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	b8380e2cd7a2164e8efa0bac32eda97f8b81084e6ba90d44a59d357b9461b6af
SHA3-384 hash:	e4851e3b1fb62ccb84a1a3a25e11bf63eec7b0aee2c002d26618ad442d1aee305deb3df6fcc75a10ee56bae37c001c54
SHA1 hash:	16c8fb41d83103a60e135f83abc55d79ffc84dc3
MD5 hash:	6f8a79918c78280aec401778564e3345
humanhash:	mobile-ten-sink-nevada
File name:	create.py
Download:	download sample
File size:	5'203 bytes
First seen:	2024-10-31 10:36:24 UTC
Last seen:	2024-10-31 17:00:57 UTC
File type:
MIME type:	text/plain
ssdeep	96:1u6dhu6U4DUOVpcv9p1YHQC5tgbp+EcrxstP:BkPp1YHQC5qbp+frxstP
TLSH	T176B177BA7A220BB20D64DF0AF361C4A5B053E1DA44589F0A35BD70BCBABFD55913094B
Magika	txt
Reporter	abuse_ch
Tags:	py

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67235dd48d23d90491323639linux22vpnfull_triage

Tags:

malware

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/67235dd26f9ec335191c9119/reports/bc99cd6f-0f54-4e9d-9d7f-b283207ecdb3/overview

Verdict:

Malicious

Labled as:

TrojanDownloader/Linux.Agent

Link:

https://www.hybrid-analysis.com/sample/b8380e2cd7a2164e8efa0bac32eda97f8b81084e6ba90d44a59d357b9461b6af

Result

Verdict:

UNKNOWN

Score:

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/b8380e2cd7a2164e8efa0bac32eda97f8b81084e6ba90d44a59d357b9461b6af

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/b8380e2cd7a2164e8efa0bac32eda97f8b81084e6ba90d44a59d357b9461b6af/

Threat name:

Script-Shell.Downloader.Heuristic

Status:

Malicious

First seen:

2024-10-31 10:37:04 UTC

File Type:

Text (Shell)

AV detection:

9 of 38 (23.68%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xa4a4lgxuile5dx2bowdf3njp6fyccconouq2rfftu2xxfdbw2xq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/241031-mntbjawgpf/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/b8380e2cd7a2164e8efa0bac32eda97f8b81084e6ba90d44a59d357b9461b6af

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

b8380e2cd7a2164e8efa0bac32eda97f8b81084e6ba90d44a59d357b9461b6af

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3192516/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3268688/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample