MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c68b49507c2830079831f2b5c26e0cf10384397065cceee3311e812f5e3221df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Medusa

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	c68b49507c2830079831f2b5c26e0cf10384397065cceee3311e812f5e3221df
SHA3-384 hash:	c230dc81a9d2a9c650c94b26edc3d153beca4c7182b53e992c453f624e0ceb520a45b1998903a34ff0e0f0ce3736a0ec
SHA1 hash:	f2f09bef5a6552214e38bc2c15e4498880fff91c
MD5 hash:	37133b1a2ac5aff21f7c3a4a14235a44
humanhash:	earth-salami-jig-beer
File name:	shs
Download:	download sample
Signature	Medusa Create hunting rule
File size:	4'570 bytes
First seen:	2024-11-08 07:32:47 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	96:/ZYcLaocE1X25FIAzaUg8xXERdXPjETF3:bTX25FIAzav8xXEzXPjETF3
TLSH	T1FF9103CC39611F324C13EF1CF76189A2E093D4A904A08FD974AD71BCB9BED86DA94947
Magika	shell
Reporter	abuse_ch
Tags:	Medusa sh

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

92.5%

Link:

https://cyber-fortress.com/docs/result/index.php?id=672dc1f9a5bee3c9d42bb445linux22vpnfull_triage

Tags:

exploit agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/672dbeb65e56a0da881ef11d/reports/1bc0c5f4-d4b0-4a88-b24d-6facabeda86b/overview

Verdict:

Malicious

Labled as:

Linux.Medusa.C.Generic

Link:

https://www.hybrid-analysis.com/sample/c68b49507c2830079831f2b5c26e0cf10384397065cceee3311e812f5e3221df

Result

Verdict:

MALICIOUS

Score:

64%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/c68b49507c2830079831f2b5c26e0cf10384397065cceee3311e812f5e3221df

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c68b49507c2830079831f2b5c26e0cf10384397065cceee3311e812f5e3221df/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2024-11-07 12:50:37 UTC

File Type:

Text (Shell)

AV detection:

18 of 38 (47.37%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=y2fusud4fayapgbr6k24e3qm6ebyiolqmxgo5yzrd2as6xrsehpq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/241108-jmjh6axpcv/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/c68b49507c2830079831f2b5c26e0cf10384397065cceee3311e812f5e3221df

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Medusa

sh c68b49507c2830079831f2b5c26e0cf10384397065cceee3311e812f5e3221df

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3281730/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample