MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 2f02636d03d8016446a1df6bf3976255a99740b48ad838eb53eb1cdc083a0d3f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	2f02636d03d8016446a1df6bf3976255a99740b48ad838eb53eb1cdc083a0d3f
SHA3-384 hash:	fad4bd99cfaad8597b4026fd3a2b3d3278ece22a33bd66a7ddb5fa98029fb4a0ad6b4db018cf66657382eaef9baffd53
SHA1 hash:	18af3539ea65e4839db921eae18853530176d460
MD5 hash:	94a1e3c513bc6eef0fa18060e9d4d4a7
humanhash:	nitrogen-ack-football-leopard
File name:	and
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	3'736 bytes
First seen:	2025-07-10 06:02:56 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:RCwsW0MyRfmWLbETGNI6mvKXgN+lf2Qs4Mdm4QZfDLyhb7zWOYgG15bXIL7VvEED:gwsW7Wf32DN+7xBHA/BG15jI7h+o7L3
TLSH	T1FA7192FF2342682F4666DAE038918509A25469C3B8CC3374DBAC9532DDC1EDEBDC599C
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

24

Origin country :

DE

Vendor Threat Intelligence

CyberFortress Malicious

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=686f58a2c9eb9747376801f6linux22vpnfull_triage

Tags:

downloader ransomware trojan mirai

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

busybox

Link:

https://www.filescan.io/uploads/686f57a961f15fb42a37be86/reports/1eb071c6-e1bd-4380-baab-7f13e7fd53f1/overview

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/abd2cca7-69f5-4189-b299-582a08781963

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

97%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/2f02636d03d8016446a1df6bf3976255a99740b48ad838eb53eb1cdc083a0d3f

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/2f02636d03d8016446a1df6bf3976255a99740b48ad838eb53eb1cdc083a0d3f/

ReversingLabs TitaniumCloud Script-Shell.Worm.Mirai

Threat name:

Script-Shell.Worm.Mirai

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-07-10 06:07:19 UTC

File Type:

Text (Shell)

AV detection:

9 of 24 (37.50%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=f4bgg3id3aawirvb35v7hf3ckwuzoqfurlmdr22t5monycb2bu7q._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250710-gvgy7ahm2t/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/2f02636d03d8016446a1df6bf3976255a99740b48ad838eb53eb1cdc083a0d3f