MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 068adfbbe938f346f821e1422a9f533a7bb542bcda433f4807a1a1cd44e39b9d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 068adfbbe938f346f821e1422a9f533a7bb542bcda433f4807a1a1cd44e39b9d
SHA3-384 hash: cbd14f7e63eb6ff48d338c6a4efe34b798281902489b6923da37f71563e251d502584580fb2571c2b7942bfb52fde50e
SHA1 hash: 5a6bd5492247a529a566bd9eaa5a38569cd374a5
MD5 hash: 6fae649b93d1438e4e4dc94ec67daaac
humanhash: mirror-oranges-thirteen-johnny
File name: p
File size: 834 bytes
First seen: 2026-06-02 07:22:36 UTC
Last seen: 2026-06-03 07:10:04 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep 12:dOXOsYxcysE+vhCFN0zvy/RQvZowHkaSISjpIZ0sqIMbFIVpPIzUNauD:kXCKysE2hi0ziQvZohaShl/hFKz7
TLSH T15101C2CBC006DB608186F45D22DBA2C47820C3CB26824BE4BF9D443DDFA964CB065F94
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://188.132.232.81/lyjR | n/a | n/a | elf ua-wget
http://188.132.232.81/y0Hc | n/a | n/a | elf ua-wget
http://188.132.232.81/WbJ | n/a | n/a | elf ua-wget
http://188.132.232.81/4pj | n/a | n/a | elf ua-wget
http://188.132.232.81/OW7a | n/a | n/a | elf ua-wget

Intelligence


File Origin
# of uploads: 4
# of downloads: 59
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Verdict: Malicious
File Type: unix shell
First seen: 2026-06-02T04:43:00Z UTC
Last seen: 2026-06-03T19:31:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Document-HTML.Trojan.Multiverze
Status: Malicious
First seen: 2026-06-02 07:23:22 UTC
File Type: Text (Shell)
AV detection: 12 of 24 (50.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: defense_evasion discovery linux
Behaviour
Reads runtime system information
Writes file to tmp directory
Enumerates running processes
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_202412_suspect_bash_script
Author:abuse.ch
Description:Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh 068adfbbe938f346f821e1422a9f533a7bb542bcda433f4807a1a1cd44e39b9d (this sample)

Delivery method: Distributed via web download
