MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc74c261d81c630a79c9a793958f1d10a989e05d9e02d0748e994d41bcf26ebf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Xorbot

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	bc74c261d81c630a79c9a793958f1d10a989e05d9e02d0748e994d41bcf26ebf
SHA3-384 hash:	fc72a334265aa9adc9b7d4c3a18e5720b5e4b627584172393aee927c93afb3699d0d1ecba09eacb007e27fd4d3dea398
SHA1 hash:	369092a6613ce25732f44d1de0adb91abe3fb574
MD5 hash:	fdc76c40cabd02a720fbfe29ef9d4a2b
humanhash:	single-moon-orange-mars
File name:	.shell
Download:	download sample
Signature	Xorbot Create hunting rule
File size:	208 bytes
First seen:	2025-03-01 03:37:25 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	3:QnQzanFCKl2X4HMiqhKH39hKHPqRehKHsSLM9Kd:lOnFflHMfhI9hKh2M9Kd
TLSH	T173D0C9CA905354F29AC2CEBD35E1B410625361959CD06B648CCDBCD0408DE0D214CA8A
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://37.44.238.92/bins.sh	4e0b27339e784ecfec59332890bec0c7cd664b60416f61c9fef79d936e12d173	Xorbot	sh Xorbot

Intelligence

File Origin

# of uploads :

1

# of downloads :

114

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67c2ddf14e50050b2e6f4700linux22vpnfull_triage

Tags:

trojan mirai agent shell

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

busybox evasive

Link:

https://www.filescan.io/uploads/67c2812b4a3011c802c48dcc/reports/7e19e5df-6ced-4397-9696-1e2ee777f59b/overview

Verdict:

Malicious

Labled as:

Linux/TrojanDownloader.SH

Link:

https://www.hybrid-analysis.com/sample/bc74c261d81c630a79c9a793958f1d10a989e05d9e02d0748e994d41bcf26ebf

Result

Verdict:

UNKNOWN

Score:

13%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/bc74c261d81c630a79c9a793958f1d10a989e05d9e02d0748e994d41bcf26ebf

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bc74c261d81c630a79c9a793958f1d10a989e05d9e02d0748e994d41bcf26ebf/

Threat name:

Script.Trojan.Boxter

Status:

Malicious

First seen:

2025-03-01 07:23:45 UTC

File Type:

Text (Shell)

AV detection:

6 of 24 (25.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xr2meyoydrrqu6oju6jzldy5ccuytyc5tybna5eotfgudphsn27q._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/bc74c261d81c630a79c9a793958f1d10a989e05d9e02d0748e994d41bcf26ebf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh bc74c261d81c630a79c9a793958f1d10a989e05d9e02d0748e994d41bcf26ebf

(this sample)

elf dd01a1365a9f35501e09e0144ed1d4d8b00dcf20aa66cf6dc186e94d7dbe4b47

sh 4e0b27339e784ecfec59332890bec0c7cd664b60416f61c9fef79d936e12d173

URLhaus

https://urlhaus.abuse.ch/url/3432321/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3400388/

URLhaus

https://urlhaus.abuse.ch/url/3461946/

Dropping

MD5 fcba5a159c1d4a387e0b6d819ab82b13

Dropping

SHA256 4e0b27339e784ecfec59332890bec0c7cd664b60416f61c9fef79d936e12d173

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample