MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 168cdefebfd7fb02d1ad280ebaf6fc8f79462a4eee14c35f3c1a70e3c8aaa0ac. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DDoSAgent


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 168cdefebfd7fb02d1ad280ebaf6fc8f79462a4eee14c35f3c1a70e3c8aaa0ac
SHA3-384 hash: 1aeb32a06261f1d8da9b104fff2c9490807882a437842fbd6174d9f7b468b33487c03be7c9aef4a3cfd4f3318d1c659e
SHA1 hash: c628fd9246960e510214679d855681e6541801e1
MD5 hash: 47a89c046da0aba2874b3cc850da6c9d
humanhash: comet-ink-eleven-tennessee
File name:dl202
Download: download sample
Signature DDoSAgent
Create hunting rule
File size:3'741 bytes
First seen:2025-07-26 06:01:58 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 96:tKBjI7HVpB00SXf0ktsF8vNmOfmW5ScNMMQq+:Zr4+
TLSH T18C71A29803E101515302364F7FF927A8ADA483F2AD7B0FA5F861C9A864B459DE335F1C
Magika shell
Reporter abuse_ch
Tags:DDOSAgent mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://31.170.22.205/bins/whisper.armv555d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv62b4c87240aaf767982d676933e628f8bf2957c931d906a90c88ccf3a18dc55ce DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv7e97da696893a2a090ac962789c524119aacab5583df1f2074c081295a0f582e3 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.aarch6438b7cbe9ff53cec015d67d04da59bcced70fae6c7e1d15baf95abc34035cc862 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.aarch64be5b489dfd7395de9106468d7b92374c56d30af994b4ea06be6c77e98ba540cf6a DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.arcle750d6001350ab65adfd7a9e0fca7560c49fc5d8f6e96939f1bdb630599e5fb902a14 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.arclehs381a3c8f2dbd32b05b5dc1c7ebd3b5cdaaf24fb5296978e6061671edca802a41f4 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mips3d0ff85391334a8130b92bf85bb1b760f7f060508a5bfaab3ff7eb9a2ca53b0a DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64b8c1191781c9feb322cfcacf40f4f1d207a09af4d786e26a7455e8a36afd4a1c DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64le527a822afceebc65d8926a1dd0c3c97862f3e114db26f104797c58f45a2e609c DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64len32c6a1cd7348531c4c0db50ecf21f64e444b33a3ff194ed55a467adb938ec22408 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mips64n3290676d5a951bfb339c20472a0d3ff253767268f54be520eb6410522eeba9741e DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mipslee479f82af03dd6087f688cd398fc792a6443e362c9a36348ab53a3f6ddc591a2 DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.riscv3245ca399bc539910e391f87bb398acac0f5c47410acb0d329ea3bf82406b3c189 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.riscv6484dbcc96a5ede7cb185d06f1116aee3bbe07e85ab020e86b5d4bfa9dcc6e60e1 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.m68kc304b1825bfe337bc1801440ca0bb1cda35aa96672d60952b852a5b2e3255f06 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sh4n/an/aelf
http://31.170.22.205/bins/whisper.i6862ba541b4a6c62619d785852c86d67829118e70a52105ef37f32010aecb64784b DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.x6411742623bba0e1ca221814a36cd8239be94898c59fcc61c1328a6230a9981219 DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.powerpc440fp197455fb6ac704dea344ee392427a842c243f6919c6886965b9586424b65e00b DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e55001033d5f5d215d7df4d05737606f8323406eaeb9c215e1308fe48e77aba6f00f4 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e6500a97c72cdfb63586cf2bbf84c6839b38eaf7af1a474d6f5f27af0b11f7140f067 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64lepower84d5ef555aac80b752223c279e28e49de774e1a68309e426095c52690a105f313 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64power8e3ed9343357d6cb963060d7908aa2637165f89cf21a4eb8f7538bb2ddb79e54f DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce300c395d23e5693047c429dcf68baf9141ee074a578d08d434f6e1ae520374d0c7928 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce500mc189b5636d5a9a46a6ed38a7fdcd6b4f063fd7abc292363ff9ef7ac77852eae49 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sparc25bf2d5845b6d3497bbceeeda40ba99a78e27f8ca88ec2efb690d919b4c5b8f6 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sparc640e7338e304ae5c960e232d80d98edb0a281d03c974ab13c6de4b0596fd0557c9 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv4n/an/aelf

Intelligence

File Origin
# of uploads :
1
# of downloads :
31
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
URLhaus.3462419.UNOFFICIAL
Create hunting rule

URLhaus.3462413.UNOFFICIAL
Create hunting rule

URLhaus.3462403.UNOFFICIAL
Create hunting rule

URLhaus.3462409.UNOFFICIAL
Create hunting rule

URLhaus.3462416.UNOFFICIAL
Create hunting rule

URLhaus.3462399.UNOFFICIAL
Create hunting rule

URLhaus.3462402.UNOFFICIAL
Create hunting rule

URLhaus.3447675.UNOFFICIAL
Create hunting rule

URLhaus.3447676.UNOFFICIAL
Create hunting rule

URLhaus.3447679.UNOFFICIAL
Create hunting rule

URLhaus.3462417.UNOFFICIAL
Create hunting rule

URLhaus.3462395.UNOFFICIAL
Create hunting rule

URLhaus.3447674.UNOFFICIAL
Create hunting rule

URLhaus.3462404.UNOFFICIAL
Create hunting rule

URLhaus.3462410.UNOFFICIAL
Create hunting rule

URLhaus.3462418.UNOFFICIAL
Create hunting rule

URLhaus.3462407.UNOFFICIAL
Create hunting rule

URLhaus.3462397.UNOFFICIAL
Create hunting rule

URLhaus.3447677.UNOFFICIAL
Create hunting rule

URLhaus.3462398.UNOFFICIAL
Create hunting rule

URLhaus.3462400.UNOFFICIAL
Create hunting rule

URLhaus.3462415.UNOFFICIAL
Create hunting rule

URLhaus.3462406.UNOFFICIAL
Create hunting rule

URLhaus.3462405.UNOFFICIAL
Create hunting rule

URLhaus.3462401.UNOFFICIAL
Create hunting rule

URLhaus.3462396.UNOFFICIAL
Create hunting rule

URLhaus.3462412.UNOFFICIAL
Create hunting rule

URLhaus.3462408.UNOFFICIAL
Create hunting rule

URLhaus.3462414.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/68846f63c79df08ef095de20/reports/c53f538e-3ed1-42e5-a8e4-039cf13afee9/overview
Verdict:
Malicious
Labled as:
Bash.MiraiA.Generic
Link:
https://www.hybrid-analysis.com/sample/168cdefebfd7fb02d1ad280ebaf6fc8f79462a4eee14c35f3c1a70e3c8aaa0ac
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/52f941aa-55c0-4a81-8db7-6be1351f1890
Behavior Graph:
Download SVG
%3 guuid=62a4bc24-1800-0000-1fcb-60b2b10c0000 pid=3249 /usr/bin/sudo guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251 /tmp/sample.bin guuid=62a4bc24-1800-0000-1fcb-60b2b10c0000 pid=3249->guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251 execve guuid=06f93b27-1800-0000-1fcb-60b2b40c0000 pid=3252 /usr/bin/rm guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=06f93b27-1800-0000-1fcb-60b2b40c0000 pid=3252 execve guuid=2210d127-1800-0000-1fcb-60b2b50c0000 pid=3253 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=2210d127-1800-0000-1fcb-60b2b50c0000 pid=3253 execve guuid=4fb2d137-1800-0000-1fcb-60b2dd0c0000 pid=3293 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=4fb2d137-1800-0000-1fcb-60b2dd0c0000 pid=3293 execve guuid=0aee0638-1800-0000-1fcb-60b2df0c0000 pid=3295 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=0aee0638-1800-0000-1fcb-60b2df0c0000 pid=3295 clone guuid=76039338-1800-0000-1fcb-60b2e30c0000 pid=3299 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=76039338-1800-0000-1fcb-60b2e30c0000 pid=3299 execve guuid=4e9ec838-1800-0000-1fcb-60b2e50c0000 pid=3301 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=4e9ec838-1800-0000-1fcb-60b2e50c0000 pid=3301 execve guuid=40dae846-1800-0000-1fcb-60b2010d0000 pid=3329 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=40dae846-1800-0000-1fcb-60b2010d0000 pid=3329 execve guuid=4ffc3d47-1800-0000-1fcb-60b2020d0000 pid=3330 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=4ffc3d47-1800-0000-1fcb-60b2020d0000 pid=3330 clone guuid=1e9cec47-1800-0000-1fcb-60b2040d0000 pid=3332 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=1e9cec47-1800-0000-1fcb-60b2040d0000 pid=3332 execve guuid=6ce73f48-1800-0000-1fcb-60b2050d0000 pid=3333 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=6ce73f48-1800-0000-1fcb-60b2050d0000 pid=3333 execve guuid=7fb86955-1800-0000-1fcb-60b21f0d0000 pid=3359 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=7fb86955-1800-0000-1fcb-60b21f0d0000 pid=3359 execve guuid=5224ea55-1800-0000-1fcb-60b2200d0000 pid=3360 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=5224ea55-1800-0000-1fcb-60b2200d0000 pid=3360 clone guuid=4d9e7657-1800-0000-1fcb-60b2240d0000 pid=3364 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=4d9e7657-1800-0000-1fcb-60b2240d0000 pid=3364 execve guuid=e4c61058-1800-0000-1fcb-60b2270d0000 pid=3367 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=e4c61058-1800-0000-1fcb-60b2270d0000 pid=3367 execve guuid=05f5f566-1800-0000-1fcb-60b2570d0000 pid=3415 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=05f5f566-1800-0000-1fcb-60b2570d0000 pid=3415 execve guuid=c1493067-1800-0000-1fcb-60b2590d0000 pid=3417 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=c1493067-1800-0000-1fcb-60b2590d0000 pid=3417 clone guuid=0a59c267-1800-0000-1fcb-60b25d0d0000 pid=3421 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=0a59c267-1800-0000-1fcb-60b25d0d0000 pid=3421 execve guuid=430efc67-1800-0000-1fcb-60b25f0d0000 pid=3423 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=430efc67-1800-0000-1fcb-60b25f0d0000 pid=3423 execve guuid=25c92579-1800-0000-1fcb-60b29b0d0000 pid=3483 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=25c92579-1800-0000-1fcb-60b29b0d0000 pid=3483 execve guuid=f86b6279-1800-0000-1fcb-60b29d0d0000 pid=3485 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=f86b6279-1800-0000-1fcb-60b29d0d0000 pid=3485 clone guuid=4d1f137a-1800-0000-1fcb-60b2a10d0000 pid=3489 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=4d1f137a-1800-0000-1fcb-60b2a10d0000 pid=3489 execve guuid=4315507a-1800-0000-1fcb-60b2a20d0000 pid=3490 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=4315507a-1800-0000-1fcb-60b2a20d0000 pid=3490 execve guuid=01117086-1800-0000-1fcb-60b2bd0d0000 pid=3517 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=01117086-1800-0000-1fcb-60b2bd0d0000 pid=3517 execve guuid=a315ad86-1800-0000-1fcb-60b2be0d0000 pid=3518 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=a315ad86-1800-0000-1fcb-60b2be0d0000 pid=3518 clone guuid=52294887-1800-0000-1fcb-60b2c30d0000 pid=3523 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=52294887-1800-0000-1fcb-60b2c30d0000 pid=3523 execve guuid=6e7c7e87-1800-0000-1fcb-60b2c40d0000 pid=3524 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=6e7c7e87-1800-0000-1fcb-60b2c40d0000 pid=3524 execve guuid=9619ff95-1800-0000-1fcb-60b2e20d0000 pid=3554 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=9619ff95-1800-0000-1fcb-60b2e20d0000 pid=3554 execve guuid=e8749396-1800-0000-1fcb-60b2e30d0000 pid=3555 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=e8749396-1800-0000-1fcb-60b2e30d0000 pid=3555 clone guuid=7a148098-1800-0000-1fcb-60b2e50d0000 pid=3557 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=7a148098-1800-0000-1fcb-60b2e50d0000 pid=3557 execve guuid=0f79ce98-1800-0000-1fcb-60b2e60d0000 pid=3558 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=0f79ce98-1800-0000-1fcb-60b2e60d0000 pid=3558 execve guuid=3e9b20aa-1800-0000-1fcb-60b2160e0000 pid=3606 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=3e9b20aa-1800-0000-1fcb-60b2160e0000 pid=3606 execve guuid=1bbc5baa-1800-0000-1fcb-60b2180e0000 pid=3608 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=1bbc5baa-1800-0000-1fcb-60b2180e0000 pid=3608 clone guuid=74e8ddaa-1800-0000-1fcb-60b21b0e0000 pid=3611 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=74e8ddaa-1800-0000-1fcb-60b21b0e0000 pid=3611 execve guuid=27a319ab-1800-0000-1fcb-60b21d0e0000 pid=3613 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=27a319ab-1800-0000-1fcb-60b21d0e0000 pid=3613 execve guuid=ae8acebf-1800-0000-1fcb-60b26d0e0000 pid=3693 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=ae8acebf-1800-0000-1fcb-60b26d0e0000 pid=3693 execve guuid=d9ab16c0-1800-0000-1fcb-60b26f0e0000 pid=3695 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=d9ab16c0-1800-0000-1fcb-60b26f0e0000 pid=3695 clone guuid=e790b0c0-1800-0000-1fcb-60b2730e0000 pid=3699 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=e790b0c0-1800-0000-1fcb-60b2730e0000 pid=3699 execve guuid=eb7af3c0-1800-0000-1fcb-60b2750e0000 pid=3701 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=eb7af3c0-1800-0000-1fcb-60b2750e0000 pid=3701 execve guuid=47f391d9-1800-0000-1fcb-60b2a60e0000 pid=3750 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=47f391d9-1800-0000-1fcb-60b2a60e0000 pid=3750 execve guuid=79fee3d9-1800-0000-1fcb-60b2a70e0000 pid=3751 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=79fee3d9-1800-0000-1fcb-60b2a70e0000 pid=3751 clone guuid=6ce101db-1800-0000-1fcb-60b2ae0e0000 pid=3758 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=6ce101db-1800-0000-1fcb-60b2ae0e0000 pid=3758 execve guuid=6aea81db-1800-0000-1fcb-60b2af0e0000 pid=3759 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=6aea81db-1800-0000-1fcb-60b2af0e0000 pid=3759 execve guuid=443658eb-1800-0000-1fcb-60b2fd0e0000 pid=3837 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=443658eb-1800-0000-1fcb-60b2fd0e0000 pid=3837 execve guuid=9c2094eb-1800-0000-1fcb-60b2000f0000 pid=3840 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=9c2094eb-1800-0000-1fcb-60b2000f0000 pid=3840 clone guuid=157c9dec-1800-0000-1fcb-60b2070f0000 pid=3847 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=157c9dec-1800-0000-1fcb-60b2070f0000 pid=3847 execve guuid=2fe8d8ec-1800-0000-1fcb-60b20a0f0000 pid=3850 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=2fe8d8ec-1800-0000-1fcb-60b20a0f0000 pid=3850 execve guuid=0feaeefc-1800-0000-1fcb-60b2520f0000 pid=3922 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=0feaeefc-1800-0000-1fcb-60b2520f0000 pid=3922 execve guuid=484c61fd-1800-0000-1fcb-60b2540f0000 pid=3924 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=484c61fd-1800-0000-1fcb-60b2540f0000 pid=3924 clone guuid=40ba3efe-1800-0000-1fcb-60b25c0f0000 pid=3932 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=40ba3efe-1800-0000-1fcb-60b25c0f0000 pid=3932 execve guuid=089c86fe-1800-0000-1fcb-60b25d0f0000 pid=3933 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=089c86fe-1800-0000-1fcb-60b25d0f0000 pid=3933 execve guuid=1fc1710f-1900-0000-1fcb-60b2a20f0000 pid=4002 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=1fc1710f-1900-0000-1fcb-60b2a20f0000 pid=4002 execve guuid=625dbc0f-1900-0000-1fcb-60b2a30f0000 pid=4003 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=625dbc0f-1900-0000-1fcb-60b2a30f0000 pid=4003 clone guuid=8a665810-1900-0000-1fcb-60b2a80f0000 pid=4008 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=8a665810-1900-0000-1fcb-60b2a80f0000 pid=4008 execve guuid=da9a8d10-1900-0000-1fcb-60b2a90f0000 pid=4009 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=da9a8d10-1900-0000-1fcb-60b2a90f0000 pid=4009 execve guuid=b97f4b21-1900-0000-1fcb-60b2e80f0000 pid=4072 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=b97f4b21-1900-0000-1fcb-60b2e80f0000 pid=4072 execve guuid=b79f9d21-1900-0000-1fcb-60b2ea0f0000 pid=4074 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=b79f9d21-1900-0000-1fcb-60b2ea0f0000 pid=4074 clone guuid=bafc2f22-1900-0000-1fcb-60b2ee0f0000 pid=4078 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=bafc2f22-1900-0000-1fcb-60b2ee0f0000 pid=4078 execve guuid=c0117822-1900-0000-1fcb-60b2f00f0000 pid=4080 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=c0117822-1900-0000-1fcb-60b2f00f0000 pid=4080 execve guuid=3175ae34-1900-0000-1fcb-60b22d100000 pid=4141 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=3175ae34-1900-0000-1fcb-60b22d100000 pid=4141 execve guuid=9f2f0435-1900-0000-1fcb-60b22f100000 pid=4143 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=9f2f0435-1900-0000-1fcb-60b22f100000 pid=4143 clone guuid=3109c136-1900-0000-1fcb-60b234100000 pid=4148 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=3109c136-1900-0000-1fcb-60b234100000 pid=4148 execve guuid=710d0237-1900-0000-1fcb-60b238100000 pid=4152 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=710d0237-1900-0000-1fcb-60b238100000 pid=4152 execve guuid=af32c047-1900-0000-1fcb-60b27f100000 pid=4223 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=af32c047-1900-0000-1fcb-60b27f100000 pid=4223 execve guuid=f3ffff47-1900-0000-1fcb-60b281100000 pid=4225 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=f3ffff47-1900-0000-1fcb-60b281100000 pid=4225 clone guuid=6e4f8748-1900-0000-1fcb-60b285100000 pid=4229 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=6e4f8748-1900-0000-1fcb-60b285100000 pid=4229 execve guuid=ff4bc248-1900-0000-1fcb-60b287100000 pid=4231 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=ff4bc248-1900-0000-1fcb-60b287100000 pid=4231 execve guuid=0f5c6158-1900-0000-1fcb-60b2bd100000 pid=4285 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=0f5c6158-1900-0000-1fcb-60b2bd100000 pid=4285 execve guuid=8f90bc58-1900-0000-1fcb-60b2bf100000 pid=4287 /usr/bin/dash guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=8f90bc58-1900-0000-1fcb-60b2bf100000 pid=4287 clone guuid=7c98d459-1900-0000-1fcb-60b2c4100000 pid=4292 /usr/bin/rm delete-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=7c98d459-1900-0000-1fcb-60b2c4100000 pid=4292 execve guuid=d60b265a-1900-0000-1fcb-60b2c6100000 pid=4294 /usr/bin/curl net send-data write-file guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=d60b265a-1900-0000-1fcb-60b2c6100000 pid=4294 execve guuid=9492a869-1900-0000-1fcb-60b2f6100000 pid=4342 /usr/bin/chmod guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=9492a869-1900-0000-1fcb-60b2f6100000 pid=4342 execve guuid=199a0a6a-1900-0000-1fcb-60b2f8100000 pid=4344 /tmp/whisper.i686 net send-data guuid=47abf726-1800-0000-1fcb-60b2b30c0000 pid=3251->guuid=199a0a6a-1900-0000-1fcb-60b2f8100000 pid=4344 execve 4466a7ec-d357-5dbd-9f7f-c7e61f48c387 31.170.22.205:80 guuid=2210d127-1800-0000-1fcb-60b2b50c0000 pid=3253->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 95B guuid=4e9ec838-1800-0000-1fcb-60b2e50c0000 pid=3301->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 95B guuid=6ce73f48-1800-0000-1fcb-60b2050d0000 pid=3333->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 95B guuid=e4c61058-1800-0000-1fcb-60b2270d0000 pid=3367->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 97B guuid=430efc67-1800-0000-1fcb-60b25f0d0000 pid=3423->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 99B guuid=4315507a-1800-0000-1fcb-60b2a20d0000 pid=3490->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 99B guuid=6e7c7e87-1800-0000-1fcb-60b2c40d0000 pid=3524->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 99B guuid=0f79ce98-1800-0000-1fcb-60b2e60d0000 pid=3558->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 94B guuid=27a319ab-1800-0000-1fcb-60b21d0e0000 pid=3613->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 96B guuid=eb7af3c0-1800-0000-1fcb-60b2750e0000 pid=3701->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 98B guuid=6aea81db-1800-0000-1fcb-60b2af0e0000 pid=3759->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 101B guuid=2fe8d8ec-1800-0000-1fcb-60b20a0f0000 pid=3850->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 99B guuid=089c86fe-1800-0000-1fcb-60b25d0f0000 pid=3933->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 96B guuid=da9a8d10-1900-0000-1fcb-60b2a90f0000 pid=4009->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 97B guuid=c0117822-1900-0000-1fcb-60b2f00f0000 pid=4080->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 97B guuid=710d0237-1900-0000-1fcb-60b238100000 pid=4152->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 94B guuid=ff4bc248-1900-0000-1fcb-60b287100000 pid=4231->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 93B guuid=d60b265a-1900-0000-1fcb-60b2c6100000 pid=4294->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 94B guuid=199a0a6a-1900-0000-1fcb-60b2f8100000 pid=4344->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 141B
Score:
99%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/168cdefebfd7fb02d1ad280ebaf6fc8f79462a4eee14c35f3c1a70e3c8aaa0ac
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/168cdefebfd7fb02d1ad280ebaf6fc8f79462a4eee14c35f3c1a70e3c8aaa0ac/
Verdict:
Malicious
Threat:
HEUR:Trojan-Downloader.Shell.Agent
Link:
https://tip.neiki.dev/file/168cdefebfd7fb02d1ad280ebaf6fc8f79462a4eee14c35f3c1a70e3c8aaa0ac
Threat name:
Linux.Worm.Mirai
Create hunting rule
Status:
Malicious
First seen:
2025-07-26 07:08:26 UTC
File Type:
Text (Shell)
AV detection:
8 of 35 (22.86%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=c2gn57v7275qfunnfahlv5x4r54umkso5ykmgxz4djyohsfkucwa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250726-hyd75sxrs7/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/168cdefebfd7fb02d1ad280ebaf6fc8f79462a4eee14c35f3c1a70e3c8aaa0ac

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DDoSAgent

sh 168cdefebfd7fb02d1ad280ebaf6fc8f79462a4eee14c35f3c1a70e3c8aaa0ac

(this sample)

DDoSAgent

elf 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

  
URLhaus
https://urlhaus.abuse.ch/url/3536070/
  
Delivery method
Distributed via web download
  
Dropping
MD5 2f4c13a8e22bcca551ce49a5b20245af
  
Dropping
SHA256 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

Comments