MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 81dd5cc988d10607beab49bef837fb526eb279d3d7d0d95e990bb8db3114bcd9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	81dd5cc988d10607beab49bef837fb526eb279d3d7d0d95e990bb8db3114bcd9
SHA3-384 hash:	6a3e1fb038cada9288d403d124656383dbddb97cf98f04222395f370e253387e237b13df616e2da435d7d0fb0f6ee0c4
SHA1 hash:	bb3ed87bf7a3725c5eb52f87e1fe99e68dbb69b0
MD5 hash:	5c1405db80f06056e8206ef4ecc81af8
humanhash:	monkey-mars-winner-pluto
File name:	w.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	930 bytes
First seen:	2025-09-11 05:29:33 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:w3ZeL53ZeCY+E3ZerNIl5s3Ze40LKc3ZeK+OFw3Ze3jM43ZeZT93ZeeSO43ZeXto:HY6NI7fKW+I/j2T3lXt3ROn
TLSH	T10511A2CD77B162AAC848CD28A17584989134A9C0314C0F9E5DCD0CF7E9D9F157E66E7C
Magika	asm
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

47

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Alert

Create hunting rule

Sanesecurity.Malware.32160.LX.BOT.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68c25e9bc62f699623888186/reports/c0bc9910-6032-448a-baa6-ab788cfdc625/overview

Kaspersky OpenTIP Unknown

Verdict:

Unknown

File Type:

text

Link:

https://opentip.kaspersky.com/81dd5cc988d10607beab49bef837fb526eb279d3d7d0d95e990bb8db3114bcd9/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/d59047c3-0e65-421c-9761-86177ff4944c

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/81dd5cc988d10607beab49bef837fb526eb279d3d7d0d95e990bb8db3114bcd9

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/81dd5cc988d10607beab49bef837fb526eb279d3d7d0d95e990bb8db3114bcd9/

ReversingLabs TitaniumCloud Linux.Trojan.Alevaul

Threat name:

Linux.Trojan.Alevaul

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-09-10 18:06:28 UTC

File Type:

Text (Shell)

AV detection:

18 of 38 (47.37%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qhovzsmi2edappvljg7pqn73kjxle6ot27insxuzbo4nwmiuxtmq._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250911-f7nf3ayzcy/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/81dd5cc988d10607beab49bef837fb526eb279d3d7d0d95e990bb8db3114bcd9