MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 1d957b711a2616ca00a93c09fe15eaddcf8484ac2c2e4c758c750eef89fc988e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	1d957b711a2616ca00a93c09fe15eaddcf8484ac2c2e4c758c750eef89fc988e
SHA3-384 hash:	772276dcaa1ff5c903ce2eb3abb56e29836f19d5cea585994b64437572123d8d830ddb90972486758345074025565cd4
SHA1 hash:	6f5e520160f0279fa3eb2b4d71c26fec3d3cde20
MD5 hash:	1f841ed637e7e72ce28cac6050157299
humanhash:	illinois-equal-hamper-lithium
File name:	wget.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	1'256 bytes
First seen:	2025-10-04 13:41:16 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:0UvD6x+VUvDucArE+VUvDoNI+3BEA+VUvDxTKRiH+VUvDGNZIq+VUvDpQi+VUvDE:rNI6VKVN+WmcPJoA3Axn
TLSH	T195211BFF03115147841DCFC230AA4711978A82A3A4AC4BB9ABDE4C376E84EC5EC49E1F
Magika	csv
Reporter	abuse_ch
Tags:	sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

38

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Shell.Downloader.Gen-1.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68e124945a3bccf09eb7a65f/reports/f34d3ad8-3776-43c5-bf2e-5b4e293f3d1d/overview

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

text

First seen:

2025-10-04T13:10:00Z UTC

Last seen:

2025-10-04T15:50:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/1d957b711a2616ca00a93c09fe15eaddcf8484ac2c2e4c758c750eef89fc988e/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/2da4fb33-61d2-4885-93a3-ac571140e99e

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/1d957b711a2616ca00a93c09fe15eaddcf8484ac2c2e4c758c750eef89fc988e

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/1d957b711a2616ca00a93c09fe15eaddcf8484ac2c2e4c758c750eef89fc988e/

ReversingLabs TitaniumCloud Document-HTML.Trojan.Egairtigado

Threat name:

Document-HTML.Trojan.Egairtigado

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-10-04 13:23:17 UTC

File Type:

Text (Shell)

AV detection:

18 of 38 (47.37%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dwkxw4i2eylmuafjhqe74fpk3xhyjbfmfqxey5mmouho7cp4tcha._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/251004-q1hx4sxrv3/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.