MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6c5dec1a36d92859c396afc2487fefe03adc5dccade6eb19c20220c32ac22d46. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	6c5dec1a36d92859c396afc2487fefe03adc5dccade6eb19c20220c32ac22d46
SHA3-384 hash:	f50c560aff14c39543b32ded76995a2e621acfb97cbe041af5801411161347e8c9e4b2ce144d72786f7fb6c53936b571
SHA1 hash:	861831616c13f370745853d5411d46ee0f0bc24a
MD5 hash:	b8b85a67ceed723d85fa53f037e3facd
humanhash:	happy-ack-solar-nuts
File name:	w.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	1'018 bytes
First seen:	2025-07-08 08:06:25 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:XQg3R53BNIqc30KxE3k3h3vU3F3L1xl3sv3Pg35HR:AgB5NcESE0xfU1DlcvYpx
TLSH	T17511EBCE2058E0A0062ECDD3311D4C2931099FE4E86C9FBC6CACD9F76799914F561F19
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

24

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Alert

Create hunting rule

Sanesecurity.Malware.30762.LX.BOT.UNOFFICIAL

Alert

Create hunting rule

CyberFortress Malicious

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=686cd1c0900df8e7f86872b8linux22vpnfull_triage

Tags:

mirai ddos

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/686cd1c40737c4165a9434db/reports/57f2080f-fafb-49cf-834d-4a51cb83b325/overview

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/a8d86964-ab6c-460b-8ca1-77afa639b2bd

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/6c5dec1a36d92859c396afc2487fefe03adc5dccade6eb19c20220c32ac22d46

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6c5dec1a36d92859c396afc2487fefe03adc5dccade6eb19c20220c32ac22d46/

ReversingLabs TitaniumCloud Linux.Worm.Mirai

Threat name:

Linux.Worm.Mirai

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-07-06 20:34:16 UTC

File Type:

Text (Shell)

AV detection:

19 of 38 (50.00%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=nro6ygrw3euftq4wv7beq77p4a5nyxomvxtowgocaiqmgkwcfvda._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250708-jz6jfsvwa1/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/6c5dec1a36d92859c396afc2487fefe03adc5dccade6eb19c20220c32ac22d46