MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9d1ab055be08d3344bb03be42fba162d3704e6d689651926b6f578531fecb154. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	9d1ab055be08d3344bb03be42fba162d3704e6d689651926b6f578531fecb154
SHA3-384 hash:	201262fb4ce833f4da63168c5e6a392a5e4902eed7f7bc55081db7d89511b826f80c634f76a71a84157641ec8945b5ac
SHA1 hash:	81d84a3b25d49a8fe3245831b0baf3f194fe02f7
MD5 hash:	a06a4d62b8dc13631f556986ad0a97a8
humanhash:	diet-mike-spaghetti-low
File name:	wget2.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	765 bytes
First seen:	2025-10-24 22:58:33 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	12:ARax2eR4+RhNIjlT3RqiKl2RIKp6SRT9214KFG103rLKb8PnpslaUv:iaxh4shNIpNHKl7q6gy+GpslaUv
TLSH	T1EB017DFF1026162D07158E45A0F948046127DBD39278DF5AA884E9335EE65653037F87
Magika	shell
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

47

Origin country :

DE

Vendor Threat Intelligence

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68fc04d6acdc0d13837eedc7/reports/4eda5c91-5fe5-4d7c-a7bd-2887db689acb/overview

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

ps1

First seen:

2025-10-24T20:52:00Z UTC

Last seen:

2025-10-24T21:47:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/9d1ab055be08d3344bb03be42fba162d3704e6d689651926b6f578531fecb154/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/3892e07e-6924-4eb8-b2c7-7dc014ba3e32

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/9d1ab055be08d3344bb03be42fba162d3704e6d689651926b6f578531fecb154

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9d1ab055be08d3344bb03be42fba162d3704e6d689651926b6f578531fecb154/

ReversingLabs TitaniumCloud Document-HTML.Trojan.Egairtigado

Threat name:

Document-HTML.Trojan.Egairtigado

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-10-24 23:00:50 UTC

File Type:

Text (Shell)

AV detection:

13 of 24 (54.17%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tunlavn6bdjtis5qhpsc7oqwfu3qjzwwrfsrsjvw6v4fgh7mwfka._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/251024-2ymn3adx6c/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/9d1ab055be08d3344bb03be42fba162d3704e6d689651926b6f578531fecb154