MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fbe8234329cfc678ca2b51f78b3c6f7886d658b74274bc97c06bffa20cd6b2c7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Mirai

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	fbe8234329cfc678ca2b51f78b3c6f7886d658b74274bc97c06bffa20cd6b2c7
SHA3-384 hash:	50ac7fb412e3f3d6c03c21988ab26530c38565839bd2ffdc148c8bc4cddcde28dcd64d11b0414b750d23100683798cbd
SHA1 hash:	2a17d030d876ca855d734d7029a641808c4d31ed
MD5 hash:	0564f83ada149b63a8928ff7591389f3
humanhash:	comet-uniform-ohio-happy
File name:	test.sh
Download:	download sample
Signature	Mirai Create hunting rule
File size:	4'572 bytes
First seen:	2024-11-01 07:16:30 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	96:1xBAULSQc89O514QzKEgspIplvJVQhTFv:/jO514QzKfspITvJVQhTFv
TLSH	T1A69147BD3A610BB20D91EF1AF361C5A5A053E0D94498CF1875EDB0BCB5BFD46923098B
Magika	shell
Reporter	abuse_ch
Tags:	Hailbot HailCock HailCockBotnet mirai sh

Intelligence

File Origin

# of uploads :

1

# of downloads :

70

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

SecuriteInfo.com.Linux.Downloader-6.UNOFFICIAL

Verdict:

Malicious

Score:

94.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6724807349e92a05dde234aelinux22vpnfull_triage

Tags:

phishing trojan agent overt

Result

Verdict:

MALICIOUS

Score:

57%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/fbe8234329cfc678ca2b51f78b3c6f7886d658b74274bc97c06bffa20cd6b2c7

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fbe8234329cfc678ca2b51f78b3c6f7886d658b74274bc97c06bffa20cd6b2c7/

Threat name:

Linux.Downloader.Medusa

Status:

Malicious

First seen:

2024-11-01 07:17:04 UTC

File Type:

Text (Shell)

AV detection:

18 of 38 (47.37%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7pucgqzjz7dhrsrlkh3ywpdppcdnmwfxij2lzf6anp72edgwwldq._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/241101-h4cw9swqfv/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/fbe8234329cfc678ca2b51f78b3c6f7886d658b74274bc97c06bffa20cd6b2c7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh fbe8234329cfc678ca2b51f78b3c6f7886d658b74274bc97c06bffa20cd6b2c7

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3268690/

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/3268643/

URLhaus

https://urlhaus.abuse.ch/url/3192477/

URLhaus

https://urlhaus.abuse.ch/url/3192481/

URLhaus

https://urlhaus.abuse.ch/url/3268647/

URLhaus

https://urlhaus.abuse.ch/url/3192459/

URLhaus

https://urlhaus.abuse.ch/url/3192483/

URLhaus

https://urlhaus.abuse.ch/url/3268689/

URLhaus

https://urlhaus.abuse.ch/url/3192484/

URLhaus

https://urlhaus.abuse.ch/url/3268653/

URLhaus

https://urlhaus.abuse.ch/url/3268650/

URLhaus

https://urlhaus.abuse.ch/url/3192467/

URLhaus

https://urlhaus.abuse.ch/url/3268636/

URLhaus

https://urlhaus.abuse.ch/url/3192456/

URLhaus

https://urlhaus.abuse.ch/url/3192478/

URLhaus

https://urlhaus.abuse.ch/url/3268654/

URLhaus

https://urlhaus.abuse.ch/url/3267999/

URLhaus

https://urlhaus.abuse.ch/url/3268646/

URLhaus

https://urlhaus.abuse.ch/url/3268655/

URLhaus

https://urlhaus.abuse.ch/url/3192463/

URLhaus

https://urlhaus.abuse.ch/url/3192479/

URLhaus

https://urlhaus.abuse.ch/url/3268637/

URLhaus

https://urlhaus.abuse.ch/url/3268677/

URLhaus

https://urlhaus.abuse.ch/url/3192464/

URLhaus

https://urlhaus.abuse.ch/url/3192474/

URLhaus

https://urlhaus.abuse.ch/url/3192468/

URLhaus

https://urlhaus.abuse.ch/url/3268687/

URLhaus

https://urlhaus.abuse.ch/url/3268640/

URLhaus

https://urlhaus.abuse.ch/url/3268638/

URLhaus

https://urlhaus.abuse.ch/url/3192470/

URLhaus

https://urlhaus.abuse.ch/url/3192471/

URLhaus

https://urlhaus.abuse.ch/url/3192465/

URLhaus

https://urlhaus.abuse.ch/url/3268635/

URLhaus

https://urlhaus.abuse.ch/url/3267948/

URLhaus

https://urlhaus.abuse.ch/url/3268652/

URLhaus

https://urlhaus.abuse.ch/url/3268678/

URLhaus

https://urlhaus.abuse.ch/url/3268679/

URLhaus

https://urlhaus.abuse.ch/url/3192482/

URLhaus

https://urlhaus.abuse.ch/url/3268674/

URLhaus

https://urlhaus.abuse.ch/url/3192476/

URLhaus

https://urlhaus.abuse.ch/url/3192466/

URLhaus

https://urlhaus.abuse.ch/url/3192455/

URLhaus

https://urlhaus.abuse.ch/url/3268648/

URLhaus

https://urlhaus.abuse.ch/url/3268645/

URLhaus

https://urlhaus.abuse.ch/url/3192458/

URLhaus

https://urlhaus.abuse.ch/url/3192460/

URLhaus

https://urlhaus.abuse.ch/url/3268633/

URLhaus

https://urlhaus.abuse.ch/url/3192457/

URLhaus

https://urlhaus.abuse.ch/url/3268644/

URLhaus

https://urlhaus.abuse.ch/url/3192473/

URLhaus

https://urlhaus.abuse.ch/url/3192534/

URLhaus

https://urlhaus.abuse.ch/url/3192472/

URLhaus

https://urlhaus.abuse.ch/url/3268668/

URLhaus

https://urlhaus.abuse.ch/url/3268641/

URLhaus

https://urlhaus.abuse.ch/url/3268642/

URLhaus

https://urlhaus.abuse.ch/url/3192475/

URLhaus

https://urlhaus.abuse.ch/url/3192461/

URLhaus

https://urlhaus.abuse.ch/url/3268649/

URLhaus

https://urlhaus.abuse.ch/url/3192436/

URLhaus

https://urlhaus.abuse.ch/url/3192469/

URLhaus

https://urlhaus.abuse.ch/url/3192462/

URLhaus

https://urlhaus.abuse.ch/url/3268675/

URLhaus

https://urlhaus.abuse.ch/url/3268651/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample