MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf2a44b6c4e5d851d5dacd0d0d34e98bd3051eed36c02f638df15aa96f74df78. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	bf2a44b6c4e5d851d5dacd0d0d34e98bd3051eed36c02f638df15aa96f74df78
SHA3-384 hash:	798c266b8c9b62e978aaecc957e1c08af38bac0d6b5fbef695a8c6d3e290f5b5dae7a9579d83b2bbeffdcf700e31458b
SHA1 hash:	a1aeb21a13297201c2c07615365f2b6f07ce77df
MD5 hash:	2debdbcc35f082c1d911364218a6065e
humanhash:	south-mountain-november-diet
File name:	w.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	918 bytes
First seen:	2025-08-23 06:14:21 UTC
Last seen:	2025-08-23 09:55:25 UTC
File type:	sh
MIME type:	text/plain
ssdeep	12:oL7CY+crNIl5040LKEK+OFo3jMAZTfeSOAXtTYARZ7Vn:7YRNI7eKj+IQjJT2lQtU+Dn
TLSH	T1681112CD1A72773645484F69B2668C489025ADD031D90F5EEE8E0CF6DDD9D107236E7C
Magika	txt
Reporter	abuse_ch
Tags:	mirai sh

Intelligence

---

File Origin

# of uploads :

2

# of downloads :

23

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Alert

Create hunting rule

Sanesecurity.Malware.32160.LX.BOT.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Malicious

Verdict:

Malicious

Threat level:

  10/10

Confidence:

100%

Tags:

busybox evasive mirai

Link:

https://www.filescan.io/uploads/68a95c757137d6845838f1d5/reports/af2c6d49-062b-412f-9eec-0cea78c8ace0/overview

Kaspersky OpenTIP Unknown

Verdict:

Unknown

File Type:

text

Link:

https://opentip.kaspersky.com/bf2a44b6c4e5d851d5dacd0d0d34e98bd3051eed36c02f638df15aa96f74df78/results?tab=lookup

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/77fff948-ccf4-4661-9bf8-736a7eceedff

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/bf2a44b6c4e5d851d5dacd0d0d34e98bd3051eed36c02f638df15aa96f74df78

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bf2a44b6c4e5d851d5dacd0d0d34e98bd3051eed36c02f638df15aa96f74df78/

ReversingLabs TitaniumCloud Linux.Trojan.Alevaul

Threat name:

Linux.Trojan.Alevaul

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-08-23 06:15:57 UTC

File Type:

Text (Shell)

AV detection:

18 of 38 (47.37%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=x4vejnwe4xmfdvo2zugq2nhjrpjqkhxng3ac6y4n6fnks33u354a._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250823-gzthsaaj6v/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/bf2a44b6c4e5d851d5dacd0d0d34e98bd3051eed36c02f638df15aa96f74df78