MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5aad2c9f1ff36d3d5a00cb585efbd0727814fe32440257acba6f6872e89a45ff. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	5aad2c9f1ff36d3d5a00cb585efbd0727814fe32440257acba6f6872e89a45ff
SHA3-384 hash:	e9b55943a95c5a362639991a667285b5697f4ec77dffeb18fe3e1d27c98af97f9a8b608cc6058aec7ff2dbbec2c38258
SHA1 hash:	19e08f328c277ceeab655629b5237c83a6ad8e52
MD5 hash:	d39b3e856188b33e71dc9a3ac4cd392f
humanhash:	wisconsin-solar-butter-april
File name:	multi
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	4'700 bytes
First seen:	2025-08-31 08:33:51 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	48:cUl95AX7TirqCCU/VkaWdWAimVgV/VYdAMPooQ/74tU2w:cUhTCU/VkOdMPoosv2w
TLSH	T1C0A1CAEFF56236D64D9CCE4BB1B1646C70A1C6CA264A8B94FF4C2C7D73E8904B014B66
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

30

Origin country :

DE

Vendor Threat Intelligence

Hybrid Analysis TrojanDownloader/Linux.Shell

Verdict:

Malicious

Labled as:

TrojanDownloader/Linux.Shell

Link:

https://www.hybrid-analysis.com/sample/5aad2c9f1ff36d3d5a00cb585efbd0727814fe32440257acba6f6872e89a45ff

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

unix shell

First seen:

2025-08-31T07:00:00Z UTC

Last seen:

2025-08-31T07:00:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/5aad2c9f1ff36d3d5a00cb585efbd0727814fe32440257acba6f6872e89a45ff/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/e64b5a68-c967-4a8d-857f-2ca97e0ac0ef

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/5aad2c9f1ff36d3d5a00cb585efbd0727814fe32440257acba6f6872e89a45ff

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5aad2c9f1ff36d3d5a00cb585efbd0727814fe32440257acba6f6872e89a45ff/

ReversingLabs TitaniumCloud Linux.Trojan.Geninst

Threat name:

Linux.Trojan.Geninst

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-08-31 09:19:18 UTC

File Type:

Text (Shell)

AV detection:

17 of 36 (47.22%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lkwszhy76nwt2wqaznmf566qoj4bj7rsiqbfplf2n5uhf2e2ix7q._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250831-pqdpzahk3s/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/5aad2c9f1ff36d3d5a00cb585efbd0727814fe32440257acba6f6872e89a45ff