MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 c4740e23441ee28ea7661f8cab09e66a4e87bd28da2fa5ca19865505b825677e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	c4740e23441ee28ea7661f8cab09e66a4e87bd28da2fa5ca19865505b825677e
SHA3-384 hash:	d625b01385dd12133bf7e9704c02c76a182067580bd07676a420589d090894225d719523ed9f632506b600edeabedd3a
SHA1 hash:	06de3f99d2a5ddd957969f0b6350ad6c9bad0ce8
MD5 hash:	502c3b6a6965a947d2f77ae9cf5e40f3
humanhash:	papa-london-single-football
File name:	w.sh
Download:	download sample
Signature	Mirai Alert Create hunting rule
File size:	2'029 bytes
First seen:	2025-09-14 12:26:11 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	48:EtpmwCpRhLp4OwpmqXppaU4pDfWkpmw+p1FqppdvvpEq1peYxNp:EtpmwCpRhLp4OwpmqXppaU4pDftpmw+a
TLSH	T13141FFE625DA738DCE8E0C2D50456EB9148AFA8A3B0F4DACC28E207775C6D11A054EDB
Magika	txt
Reporter	abuse_ch
Tags:	sh

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

43

Origin country :

DE

Vendor Threat Intelligence

ClamAV Detected

Detection(s):

SecuriteInfo.com.Linux.Downloader-32.UNOFFICIAL

Alert

Create hunting rule

FileScan.IO Unknown

Verdict:

Unknown

Threat level:

  2.5/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/68c6bbd67328794829299d11/reports/b3a9a655-4a48-492d-a1e4-1ea87a9a0ac1/overview

Kaspersky OpenTIP Malicious

Verdict:

Malicious

File Type:

ps1

First seen:

2025-09-14T09:36:00Z UTC

Last seen:

2025-09-14T09:36:00Z UTC

Hits:

~10

Link:

https://opentip.kaspersky.com/c4740e23441ee28ea7661f8cab09e66a4e87bd28da2fa5ca19865505b825677e/results?tab=lookup

Kunai Sandbox

Status:

Failed

Link:

https://sandbox.kunai.rocks/analysis/a9b1aaf0-112e-4fbe-9063-d7ca85b248b0

Nucleon Malprob Malware

Score:

94%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/c4740e23441ee28ea7661f8cab09e66a4e87bd28da2fa5ca19865505b825677e

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/c4740e23441ee28ea7661f8cab09e66a4e87bd28da2fa5ca19865505b825677e/

ReversingLabs TitaniumCloud Linux.Trojan.Egairtigado

Threat name:

Linux.Trojan.Egairtigado

Alert

Create hunting rule

Status:

Malicious

First seen:

2025-09-14 13:04:31 UTC

File Type:

Text

AV detection:

15 of 38 (39.47%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=yr2a4i2ed3ri5j3gd6gkwcpgnjhippji3ix2lsqzqzkqlobfm57a._file

Hatching Triage Unknown

Result

Malware family:

n/a

Score:

  3/10

Tags:

n/a

Link:

https://tria.ge/reports/250914-p5yzfsaj91/

Behaviour

Modifies registry class

Suspicious use of SetWindowsHookEx

Enumerates physical storage devices

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/c4740e23441ee28ea7661f8cab09e66a4e87bd28da2fa5ca19865505b825677e