MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ccb8700d1da90ccbedc2a3826c7b51fa4af9b36e1c426aa7e0a137ae7aad60ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: ccb8700d1da90ccbedc2a3826c7b51fa4af9b36e1c426aa7e0a137ae7aad60ce
SHA3-384 hash: 26888b277bb7daea3ed8abaeef020c1963018dc8bcb5831a7094802ef978a868de2acbc749534ae3ef1a7146473183e8
SHA1 hash: 152f698f66e063ebbc694a5759ff832e1a1768f4
MD5 hash: a797d5bfffc97ffd73a2b1d8dc6a0b9b
humanhash: lion-potato-yellow-october
File name: l
File size: 982 bytes
First seen: 2025-03-17 08:01:47 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:ghYlX/5UZCjU0d4OvU3s8HU6NI+b5U1IKGlEii:a0yZCjje2efHvtIIZEii
TLSH T1D2114FEA0C441712F35BDE1E7135EB5AA045984E223B4F9CEDBC23795F859C8B201B2C
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 89
Origin country: DE
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-03-17 08:04:12 UTC
File Type: Text (Shell)
AV detection: 10 of 22 (45.45%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download

Comments