MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bb8b9e098beb52ab67f62f2e4b11ebda7753ac22ecfbbdb4d493447565b29d87. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bb8b9e098beb52ab67f62f2e4b11ebda7753ac22ecfbbdb4d493447565b29d87
SHA3-384 hash: f7beb0e19d4ef8bec33ca945600be8b7a7f6ca049d6a1ed0a3329a37044b4af613253ab8c3a3efe13daf362cdb47400c
SHA1 hash: b6621c4d7a4f12d9a3d5ed304b468bc89c93cb5f
MD5 hash: 3471e236d5ccefb91965e76971a94c9c
humanhash: emma-xray-purple-robin
File name:thinkphp
Download: download sample
File size:2'464 bytes
First seen:2025-05-08 10:27:01 UTC
Last seen:2025-05-08 15:54:55 UTC
File type: sh
MIME type:text/x-shellscript
ssdeep 48:vp/B/MB9p/Q/F9G9p/EO/Ejl9p/Z/Up9p/G/r69p/b/Gj9p/M/h49p/u/DK9p/VT:vFdMB9FKF9G9FJQl9FVUp9F0r69F7Gj7
TLSH T1F551DAD520D557386CFADB9A31E74848F0A194CB65CB6F02C4EC34E2C48EC946982BDA
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://176.65.141.210/main_x86n/an/an/a
http://176.65.141.210/main_mipsn/an/an/a
http://176.65.141.210/main_mpsln/an/an/a
http://176.65.141.210/main_armn/an/an/a
http://176.65.141.210/main_arm5n/an/an/a
http://176.65.141.210/main_arm6n/an/an/a
http://176.65.141.210/main_arm7n/an/an/a
http://176.65.141.210/main_ppcn/an/an/a
http://176.65.141.210/main_m68kn/an/an/a
http://176.65.141.210/main_spcn/an/an/a
http://176.65.141.210/main_i686n/an/an/a
http://176.65.141.210/main_sh4n/an/an/a
http://176.65.141.210/main_arcn/an/an/a

Intelligence

File Origin
# of uploads :
2
# of downloads :
76
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
89.3%
Link:
https://cyber-fortress.com/docs/result/index.php?id=681c87bd6c95617a27b5fb29linux22vpnfull_triage
Tags:
n/a
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/681c86fdd95f3e34e963f9f4/reports/2e2e0ad5-a51f-44ce-9eac-1e986c358cb3/overview
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/bb8b9e098beb52ab67f62f2e4b11ebda7753ac22ecfbbdb4d493447565b29d87
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bb8b9e098beb52ab67f62f2e4b11ebda7753ac22ecfbbdb4d493447565b29d87/
Threat name:
Linux.Downloader.Morila
Create hunting rule
Status:
Malicious
First seen:
2025-05-08 10:27:13 UTC
File Type:
Text (Shell)
AV detection:
23 of 37 (62.16%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xofz4cml5njkwz7wf4xewepl3j3vhlbc5t533ngusnchkznstwdq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
antivm defense_evasion discovery linux
Link:
https://tria.ge/reports/250508-mg6naazzat/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/bb8b9e098beb52ab67f62f2e4b11ebda7753ac22ecfbbdb4d493447565b29d87

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh bb8b9e098beb52ab67f62f2e4b11ebda7753ac22ecfbbdb4d493447565b29d87

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3536423/
  
Delivery method
Distributed via web download

Comments