MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 cbdcbafdb2650a0b30758cf20213ce31ee97e7181ac8b3cafad20301d8463ffd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Threat unknown
Vendor detections: 7
| SHA256 hash: | cbdcbafdb2650a0b30758cf20213ce31ee97e7181ac8b3cafad20301d8463ffd |
|---|---|
| SHA3-384 hash: | 4fa49116f24feac45410bc85aa60ad020313777787499addc772081be0f09db955afd59b637925b4f2bec8a0a87318f8 |
| SHA1 hash: | d0bf3c211064256be2764091c3bc262dbff18a8d |
| MD5 hash: | ac1413dd7c518736aba1c3b9b56126e1 |
| humanhash: | massachusetts-stream-crazy-lamp |
| File name: | huh |
| File size: | 3'150 bytes |
| First seen: | 2025-01-08 09:26:11 UTC |
| Last seen: | Never |
| File type: | sh |
| MIME type: | text/plain |
| ssdeep | 96:ncX6XecXvXQcXCX+cXiX+hcXBXwcXIXecXvXscXNXOcX2X2cXZXebRUTWIuNi8LQ:cqnfByHSOuxh4nfFd3mfpulfo |
| TLSH | T18851A9EA16810C762BD29D15F1E94944F644D1E229CF2EC8E4EC38F6A29DDC47580FBB |
| Magika | shell |
| Reporter | |
| Tags: | sh |
Shell script dropper
This file appears to be a shell script dropper that fetches its payloads with wget, ftpget and/or curl. The corresponding payload URLs are recorded in this entry.
Intelligence

File Origin
# of uploads: 1
# of downloads: 87
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 95.7%
Tags: trojandownloader downloader agent

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug

Verdict: Malicious
Labeled as: Linux.Medusa.C.Generic
Score: 76%

Verdict: Malware
File Type: SCRIPT
Threat name: Linux.Downloader.Medusa

Status: Malicious
First seen: 2025-01-08 10:05:30 UTC
File Type: Text (Shell)
AV detection: 17 of 24 (70.83%)

Threat level: 3/5
Detection(s): Suspicious file

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for VirusTotal.

Threat name: Legit
Score: 0.00
File information
The table below shows additional information about this malware sample, such as delivery method and external references.

| Web download | sh cbdcbafdb2650a0b30758cf20213ce31ee97e7181ac8b3cafad20301d8463ffd (this sample) |
|---|---|
| Delivery method | Distributed via web download |