MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 119031d11c894b585fd88084898929a892beb5b9df57e56b779d8aaa3dae9ba6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Ngioweb

Vendor detections: 6

SHA256 hash: 119031d11c894b585fd88084898929a892beb5b9df57e56b779d8aaa3dae9ba6
SHA3-384 hash: 1d69f60510d8c81d6b7a33027f91ec3d116703c2139bfa280d613b3808e5942c96266b12545b96b73ec18967b329285a
SHA1 hash: 226f2a82ac1e86b18108fee90c46840d955d7ed7
MD5 hash: 4a2d05f9e4bb2ac0c77cd1d7c276436f
humanhash: uniform-alanine-chicken-indigo
File name: dvr.jaws.sh
Signature: Ngioweb
File size: 760 bytes
First seen: 2025-11-08 07:19:27 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:78CVCSECDSECaSECISECXBSECwSEC7bnSEC7k/:pVDwbNCVvM4/
TLSH: T11A01169DA826D0E4E138E7403855AD0B614D8B51A590BBD854F82C35D0F965CB605E7E
Magika: batch
Reporter: abuse_ch
Tags: sh
Related URLs (one payload per architecture) and the sample each URL served:

URL                               Malware sample (SHA256 hash)                                        Signature   Tags
http://87.121.84.80/frost.armv7   d0ca62e68e235aca958e3877ae7ed505c5667207c95d34907bc806e5ffa0b21b    Ngioweb     elf geofenced Ngioweb ua-wget USA
http://87.121.84.80/frost.armv6   f08d8c43beedbc8d45ea133b44dd09e13d80d725846eac7615141dee9064907e    Ngioweb     elf geofenced Ngioweb ua-wget USA
http://87.121.84.80/frost.armv5   966770e3938bb350119a960948a15421d9c6e0944c4d49f5aa631d3bd9fee703    Ngioweb     elf geofenced Ngioweb ua-wget USA
http://87.121.84.80/frost.mips    n/a                                                                 n/a         elf geofenced ua-wget USA
http://87.121.84.80/frost.mipsel  8758eddd99d34eae170f69fe5c58231a546fef0f56a7e30eefac59ef10ca906b    Mirai       elf geofenced mirai ua-wget USA
http://87.121.84.80/frost.aarch64 7997eca9041eb31e0264e9273d28e3b672f6f6cb206919ea1167610cfa601f93    Mirai       elf geofenced mirai ua-wget USA
http://87.121.84.80/frost.x86     296d6af5b711aada05ec72d517af8b677c32d4f894fda2934ad5289b7f671619    Mirai       elf geofenced mirai ua-wget USA
http://87.121.84.80/frost.x86_64  a85c562d0b13602adfad63635f895ba1fcd8f4780121f7f98febc10fbfba1819    Mirai       elf geofenced mirai ua-wget USA

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive masquerade mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-08T05:23:00Z UTC
Last seen: 2025-11-08T06:37:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (condensed from the vendor's process/network graph; pids, byte counts and destinations as recorded by the sandbox):

pid 2672  /usr/bin/sudo
  execve -> pid 2682  /tmp/sample.bin (the script)
    The script runs eight identical fetch cycles from the same parent: /usr/bin/wget (HTTP to 87.121.84.80:80, 136-140 B sent, writes a file) -> /usr/bin/chmod -> run the downloaded file -> /usr/bin/rm (delete-file).

    Cycles 1-6: the shell clones /usr/bin/dash instead of executing the fetched file.
      wget pid 2684 (138 B) -> chmod 2722 -> dash 2724 -> rm 2728
      wget pid 2729 (138 B) -> chmod 2754 -> dash 2755 -> rm 2757
      wget pid 2758 (138 B) -> chmod 2778 -> dash 2780 -> rm 2783
      wget pid 2785 (137 B) -> chmod 2809 -> dash 2811 -> rm 2814
      wget pid 2815 (139 B) -> chmod 2839 -> dash 2841 -> rm 2843
      wget pid 2846 (140 B) -> chmod 2863 -> dash 2865 -> rm 2870

    Cycle 7: the fetched file runs.
      wget pid 2871 (136 B) -> chmod 2918 -> /tmp/caxb pid 2920 (execve, delete-file) -> rm 2922
        clone -> pid 2921 /tmp/caxb (net, send-data, zombie)
          connects to 69.5.189.168:5555
          sends 29 B to 208.67.222.222:53 (DNS)

    Cycle 8: the fetched file runs again and starts scanning.
      wget pid 2924 (139 B) -> chmod 2945 -> /tmp/caxb pid 2946 (execve, delete-file) -> rm 2948
        clone -> pid 2947 /tmp/caxb (net, send-data, zombie)
          sends 59 B to 69.5.189.168:5555
          sends 27 B to 1.0.0.1:53 (DNS)
          clone -> pid 3104 /tmp/caxb (net, net-scan, send-data, zombie)
            connects to 8.8.8.8:53
            sends 120-128 B each to TCP/80 on 4061 distinct IP addresses (vendor: "review logs to see them all"), including:
              34.43.16.21, 64.64.205.113, 148.72.71.238, 4.188.106.248, 4.250.96.143, 156.67.105.108,
              34.154.165.120, 148.251.122.23, 208.106.226.80, 12.182.4.142, 18.66.18.194, 64.235.247.195,
              34.92.100.125, 52.222.199.248, 210.117.150.133, 136.144.142.227, 80.99.79.228, 142.168.241.227
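The graph above shows the two behaviours a detection engineer would key on: a single parent shell repeating fetch -> chmod -> execute -> delete, and one dropped child process fanning out to thousands of hosts on one port. The Python below is an added example, not code from MalwareBazaar or the sandbox vendor. It runs over a constructed process/network event list modelled on the graph; the (pid, ppid, kind, detail) event schema, the 10.0.x.y scan targets and the 100-host threshold are assumptions chosen for illustration, not data from this page.

```python
"""Detection logic for the two behaviours in the sandbox graph above.

Added example, not code from MalwareBazaar or the sandbox vendor. The event
list is CONSTRUCTED to mirror the graph: the (pid, ppid, kind, detail) schema,
the 10.0.x.y scan targets and the 100-host threshold are assumptions chosen
for illustration, not data from the page.
"""
from collections import defaultdict
from os.path import basename

# One tuple per sandbox event: kind "exec" carries the image path,
# kind "net" carries the destination as "ip:port".
EVENTS = [
    (2682, 2672, "exec", "/tmp/sample.bin"),
    # cycle A: fetch, chmod, the shell ends up running dash, then deletes
    (2684, 2682, "exec", "/usr/bin/wget"),
    (2684, 2682, "net", "87.121.84.80:80"),
    (2722, 2682, "exec", "/usr/bin/chmod"),
    (2724, 2682, "exec", "/usr/bin/dash"),
    (2728, 2682, "exec", "/usr/bin/rm"),
    # cycle B: fetch, chmod, the dropped file runs and beacons, then is deleted
    (2924, 2682, "exec", "/usr/bin/wget"),
    (2924, 2682, "net", "87.121.84.80:80"),
    (2945, 2682, "exec", "/usr/bin/chmod"),
    (2946, 2682, "exec", "/tmp/caxb"),
    (2947, 2946, "net", "69.5.189.168:5555"),
    (2947, 2946, "net", "1.0.0.1:53"),
    (2948, 2682, "exec", "/usr/bin/rm"),
]
# constructed fan-out: one child sends to 150 distinct hosts on TCP/80
EVENTS += [(3104, 2947, "net", f"10.0.{i // 256}.{i % 256}:80") for i in range(150)]

# The loop shape we look for: fetch, make executable, run <something>, delete.
LOOP = ("wget", "chmod", None, "rm")   # None matches any image


def exec_children(events):
    """Map parent pid -> ordered list of (pid, image) it executed."""
    children = defaultdict(list)
    for pid, ppid, kind, detail in events:
        if kind == "exec":
            children[ppid].append((pid, detail))
    return children


def download_exec_cycles(events):
    """Return [(parent_pid, image_run), ...], one per wget/chmod/<x>/rm window."""
    found = []
    for ppid, execs in exec_children(events).items():
        names = [basename(path) for _, path in execs]
        for i in range(len(names) - len(LOOP) + 1):
            window = names[i:i + len(LOOP)]
            if all(want is None or want == got for want, got in zip(LOOP, window)):
                found.append((ppid, execs[i + 2][1]))   # slot 2 is the <x> that ran
    return found


def fan_out(events, min_hosts=100):
    """Map pid -> number of distinct destination IPs, for pids at or above min_hosts."""
    targets = defaultdict(set)
    for pid, _, kind, detail in events:
        if kind == "net":
            targets[pid].add(detail.rsplit(":", 1)[0])
    return {pid: len(ips) for pid, ips in targets.items() if len(ips) >= min_hosts}


def findings(events):
    """Human-readable alerts for both behaviours."""
    out = [f"pid {ppid}: fetch/chmod/exec/rm loop ran {image}"
           for ppid, image in download_exec_cycles(events)]
    out += [f"pid {pid}: sent data to {n} distinct hosts (scan/fan-out)"
            for pid, n in fan_out(events).items()]
    return out


if __name__ == "__main__":
    for line in findings(EVENTS):
        print(line)
```

On the constructed events this reports the dash fallback and the /tmp/caxb execution as two loop hits from parent pid 2682, and pid 3104 as the fan-out source. Against the real graph the loop would fire eight times and the scan count would be 4061; the interesting tuning question is the host threshold, since a legitimate updater or crawler can also contact many hosts, so pair the count with the parent-chain check rather than alerting on either alone.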
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2025-11-08 07:20:20 UTC
File Type: Text (Shell)
AV detection: 8 of 24 (33.33%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Suspicious use of SetWindowsHookEx
  Modifies registry class
  Enumerates physical storage devices
(These three behaviour labels describe Windows API and registry activity; they cannot apply to a 760-byte POSIX shell script and should not be used as indicators for this sample.)

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method   Signature   File type   Malware sample (SHA256 hash)
Web download      Ngioweb     sh          119031d11c894b585fd88084898929a892beb5b9df57e56b779d8aaa3dae9ba6 (this sample)

Delivery method: Distributed via web download

Comments