MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d1eccb213d13bed8f4c0ed2adbcbff8e9a1ce8a6f6306a3cbc7dad21d905ef0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	5d1eccb213d13bed8f4c0ed2adbcbff8e9a1ce8a6f6306a3cbc7dad21d905ef0
SHA3-384 hash:	1caf691225eed4cfe9abea7e40c9420c385ba37c00974f871fc9342ce368dd289de9e3d1f760477b794262e47ebbe0ce
SHA1 hash:	1812efde155c5466b67101111d62fc7379258fb0
MD5 hash:	d3f9f282a5a5e5e941875dca19a31b15
humanhash:	cold-floor-orange-coffee
File name:	x.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	2'204 bytes
First seen:	2026-04-18 04:24:53 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	48:vp2upZApKaOKaupiSpj+9pOYpNop5HQp8YpIypjcplopMp:vzQPrg9VgMjZyoO
TLSH	T17B41ACD9109553306CF6DD7272E79468718190E399CEBE84D4DC78EDC8DEE44B082B86
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	abuse_ch
Tags:	sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

47

Origin country :

DE

Vendor Threat Intelligence

ACCE Unknown

No detections

ClamAV Detected

Detection(s):

Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL

Alert

Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL

Alert

Create hunting rule

FileScan.io

Gathering data

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-04-17T22:19:00Z UTC

Last seen:

2026-04-18T17:14:00Z UTC

Hits:

~10

Detections:

HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a

Link:

https://opentip.kaspersky.com/5d1eccb213d13bed8f4c0ed2adbcbff8e9a1ce8a6f6306a3cbc7dad21d905ef0/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/174397b7-b9dd-4972-9792-f1371d5a6126

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/5d1eccb213d13bed8f4c0ed2adbcbff8e9a1ce8a6f6306a3cbc7dad21d905ef0

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/5d1eccb213d13bed8f4c0ed2adbcbff8e9a1ce8a6f6306a3cbc7dad21d905ef0/

Neiki Family.MIRAI

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/5d1eccb213d13bed8f4c0ed2adbcbff8e9a1ce8a6f6306a3cbc7dad21d905ef0

ReversingLabs TitaniumCloud Linux.Downloader.Morila

Threat name:

Linux.Downloader.Morila

Alert

Create hunting rule

Status:

Malicious

First seen:

2026-04-18 01:37:10 UTC

File Type:

Text (Shell)

AV detection:

17 of 24 (70.83%)

Threat level:

  3/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=lupmzmqt2e563d2mb3jk3pf77du2dtukn5rqni6ly7nnehmql3ya._file

Hatching Triage Suspicious

Result

Malware family:

n/a

Score:

  7/10

Tags:

antivm defense_evasion discovery linux

Link:

https://tria.ge/reports/260418-e2c8gagv8t/

Behaviour

Reads runtime system information

System Network Configuration Discovery

Writes file to tmp directory

Checks CPU configuration

Reads system network configuration

Reads system routing table

File and Directory Permissions Modification

Executes dropped EXE

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Malicious File

Threat name:

Malicious File

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/5d1eccb213d13bed8f4c0ed2adbcbff8e9a1ce8a6f6306a3cbc7dad21d905ef0