MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d78483906b8b08d6b394182baac87a25ec3a9cc6830c31ead67eb2962e6cdf6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DDoSAgent


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3d78483906b8b08d6b394182baac87a25ec3a9cc6830c31ead67eb2962e6cdf6
SHA3-384 hash: 3b7e706b2b4098718e3b371089a8c884426b9bc14811e379dae79da3317602027adfb0cf278962d49abb53764dd15878
SHA1 hash: 34d4a214ec5b07770fcc9efe906db11edc6aa2ee
MD5 hash: ffa385a64df8cdcb6ad1557d5777503d
humanhash: quiet-ohio-louisiana-quiet
File name:dl18
Download: download sample
Signature DDoSAgent
Create hunting rule
File size:3'654 bytes
First seen:2025-07-20 18:56:00 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 96:y4fhyhRtviSSXfyutura1TE4xcADYSTMcSY:o+
TLSH T17571B4D902E203106001B60F3BF57B61AEB483E5AE7B0F89FC99C97665B0A54F124F5D
Magika shell
Reporter abuse_ch
Tags:DDOSAgent sh
URLMalware sample (SHA256 hash)SignatureTags
http://31.170.22.205/bins/whisper.armv555d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv62b4c87240aaf767982d676933e628f8bf2957c931d906a90c88ccf3a18dc55ce DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv7e97da696893a2a090ac962789c524119aacab5583df1f2074c081295a0f582e3 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.aarch6438b7cbe9ff53cec015d67d04da59bcced70fae6c7e1d15baf95abc34035cc862 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.aarch64be5b489dfd7395de9106468d7b92374c56d30af994b4ea06be6c77e98ba540cf6a DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.arcle750d6001350ab65adfd7a9e0fca7560c49fc5d8f6e96939f1bdb630599e5fb902a14 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.arclehs381a3c8f2dbd32b05b5dc1c7ebd3b5cdaaf24fb5296978e6061671edca802a41f4 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mips3d0ff85391334a8130b92bf85bb1b760f7f060508a5bfaab3ff7eb9a2ca53b0a DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64b8c1191781c9feb322cfcacf40f4f1d207a09af4d786e26a7455e8a36afd4a1c DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64le527a822afceebc65d8926a1dd0c3c97862f3e114db26f104797c58f45a2e609c DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64len32c6a1cd7348531c4c0db50ecf21f64e444b33a3ff194ed55a467adb938ec22408 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mips64n3290676d5a951bfb339c20472a0d3ff253767268f54be520eb6410522eeba9741e DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mipslee479f82af03dd6087f688cd398fc792a6443e362c9a36348ab53a3f6ddc591a2 DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.riscv3245ca399bc539910e391f87bb398acac0f5c47410acb0d329ea3bf82406b3c189 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.riscv6484dbcc96a5ede7cb185d06f1116aee3bbe07e85ab020e86b5d4bfa9dcc6e60e1 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.m68kc304b1825bfe337bc1801440ca0bb1cda35aa96672d60952b852a5b2e3255f06 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sh4n/an/aelf
http://31.170.22.205/bins/whisper.i6862ba541b4a6c62619d785852c86d67829118e70a52105ef37f32010aecb64784b DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.x6411742623bba0e1ca221814a36cd8239be94898c59fcc61c1328a6230a9981219 DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.powerpc440fp197455fb6ac704dea344ee392427a842c243f6919c6886965b9586424b65e00b DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e55001033d5f5d215d7df4d05737606f8323406eaeb9c215e1308fe48e77aba6f00f4 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e6500a97c72cdfb63586cf2bbf84c6839b38eaf7af1a474d6f5f27af0b11f7140f067 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64lepower84d5ef555aac80b752223c279e28e49de774e1a68309e426095c52690a105f313 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64power8e3ed9343357d6cb963060d7908aa2637165f89cf21a4eb8f7538bb2ddb79e54f DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce300c395d23e5693047c429dcf68baf9141ee074a578d08d434f6e1ae520374d0c7928 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce500mc189b5636d5a9a46a6ed38a7fdcd6b4f063fd7abc292363ff9ef7ac77852eae49 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sparc25bf2d5845b6d3497bbceeeda40ba99a78e27f8ca88ec2efb690d919b4c5b8f6 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sparc640e7338e304ae5c960e232d80d98edb0a281d03c974ab13c6de4b0596fd0557c9 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv4n/an/aelf

Intelligence

File Origin
# of uploads :
1
# of downloads :
23
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
URLhaus.3462419.UNOFFICIAL
Create hunting rule

URLhaus.3462413.UNOFFICIAL
Create hunting rule

URLhaus.3462403.UNOFFICIAL
Create hunting rule

URLhaus.3462409.UNOFFICIAL
Create hunting rule

URLhaus.3462416.UNOFFICIAL
Create hunting rule

URLhaus.3462399.UNOFFICIAL
Create hunting rule

URLhaus.3462402.UNOFFICIAL
Create hunting rule

URLhaus.3447675.UNOFFICIAL
Create hunting rule

URLhaus.3447676.UNOFFICIAL
Create hunting rule

URLhaus.3447679.UNOFFICIAL
Create hunting rule

URLhaus.3462417.UNOFFICIAL
Create hunting rule

URLhaus.3462395.UNOFFICIAL
Create hunting rule

URLhaus.3447674.UNOFFICIAL
Create hunting rule

URLhaus.3462404.UNOFFICIAL
Create hunting rule

URLhaus.3462410.UNOFFICIAL
Create hunting rule

URLhaus.3462418.UNOFFICIAL
Create hunting rule

URLhaus.3462407.UNOFFICIAL
Create hunting rule

URLhaus.3462397.UNOFFICIAL
Create hunting rule

URLhaus.3447677.UNOFFICIAL
Create hunting rule

URLhaus.3462398.UNOFFICIAL
Create hunting rule

URLhaus.3462400.UNOFFICIAL
Create hunting rule

URLhaus.3462415.UNOFFICIAL
Create hunting rule

URLhaus.3462406.UNOFFICIAL
Create hunting rule

URLhaus.3462405.UNOFFICIAL
Create hunting rule

URLhaus.3462401.UNOFFICIAL
Create hunting rule

URLhaus.3462396.UNOFFICIAL
Create hunting rule

URLhaus.3462412.UNOFFICIAL
Create hunting rule

URLhaus.3462408.UNOFFICIAL
Create hunting rule

URLhaus.3462414.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/687d3be08a7d628a81b8aa1b/reports/a0ddabc4-a512-4c09-95dc-9c75e42f2feb/overview
Verdict:
Malicious
Labled as:
Bash.MiraiA.Generic
Link:
https://www.hybrid-analysis.com/sample/3d78483906b8b08d6b394182baac87a25ec3a9cc6830c31ead67eb2962e6cdf6
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/b7896119-baa5-4541-a686-383f09f8e295
Behavior Graph:
Download SVG
%3 guuid=bda66763-1d00-0000-6f64-39c3ea0a0000 pid=2794 /usr/bin/sudo guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798 /tmp/sample.bin guuid=bda66763-1d00-0000-6f64-39c3ea0a0000 pid=2794->guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798 execve guuid=11c9b365-1d00-0000-6f64-39c3f00a0000 pid=2800 /usr/bin/rm guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=11c9b365-1d00-0000-6f64-39c3f00a0000 pid=2800 execve guuid=08ee2d66-1d00-0000-6f64-39c3f20a0000 pid=2802 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=08ee2d66-1d00-0000-6f64-39c3f20a0000 pid=2802 execve guuid=3839ae74-1d00-0000-6f64-39c30f0b0000 pid=2831 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=3839ae74-1d00-0000-6f64-39c30f0b0000 pid=2831 execve guuid=6fb1f774-1d00-0000-6f64-39c3110b0000 pid=2833 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=6fb1f774-1d00-0000-6f64-39c3110b0000 pid=2833 clone guuid=7dc0ae75-1d00-0000-6f64-39c3150b0000 pid=2837 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=7dc0ae75-1d00-0000-6f64-39c3150b0000 pid=2837 execve guuid=3dc1ef75-1d00-0000-6f64-39c3160b0000 pid=2838 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=3dc1ef75-1d00-0000-6f64-39c3160b0000 pid=2838 execve guuid=5f428981-1d00-0000-6f64-39c3320b0000 pid=2866 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=5f428981-1d00-0000-6f64-39c3320b0000 pid=2866 execve guuid=61edeb81-1d00-0000-6f64-39c3340b0000 pid=2868 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=61edeb81-1d00-0000-6f64-39c3340b0000 pid=2868 clone guuid=91a48c82-1d00-0000-6f64-39c3380b0000 pid=2872 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=91a48c82-1d00-0000-6f64-39c3380b0000 pid=2872 execve guuid=858ae782-1d00-0000-6f64-39c33a0b0000 pid=2874 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=858ae782-1d00-0000-6f64-39c33a0b0000 pid=2874 execve guuid=7169e68e-1d00-0000-6f64-39c35a0b0000 pid=2906 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=7169e68e-1d00-0000-6f64-39c35a0b0000 pid=2906 execve guuid=a310248f-1d00-0000-6f64-39c35b0b0000 pid=2907 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=a310248f-1d00-0000-6f64-39c35b0b0000 pid=2907 clone guuid=8f6dbc8f-1d00-0000-6f64-39c35d0b0000 pid=2909 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=8f6dbc8f-1d00-0000-6f64-39c35d0b0000 pid=2909 execve guuid=d0a2fb8f-1d00-0000-6f64-39c35e0b0000 pid=2910 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=d0a2fb8f-1d00-0000-6f64-39c35e0b0000 pid=2910 execve guuid=2dca999e-1d00-0000-6f64-39c36c0b0000 pid=2924 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=2dca999e-1d00-0000-6f64-39c36c0b0000 pid=2924 execve guuid=302be59e-1d00-0000-6f64-39c36d0b0000 pid=2925 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=302be59e-1d00-0000-6f64-39c36d0b0000 pid=2925 clone guuid=5e0217a1-1d00-0000-6f64-39c3730b0000 pid=2931 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=5e0217a1-1d00-0000-6f64-39c3730b0000 pid=2931 execve guuid=42bb79a1-1d00-0000-6f64-39c3750b0000 pid=2933 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=42bb79a1-1d00-0000-6f64-39c3750b0000 pid=2933 execve guuid=26d5e5af-1d00-0000-6f64-39c3850b0000 pid=2949 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=26d5e5af-1d00-0000-6f64-39c3850b0000 pid=2949 execve guuid=905722b0-1d00-0000-6f64-39c3870b0000 pid=2951 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=905722b0-1d00-0000-6f64-39c3870b0000 pid=2951 clone guuid=c764a5b0-1d00-0000-6f64-39c38b0b0000 pid=2955 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=c764a5b0-1d00-0000-6f64-39c38b0b0000 pid=2955 execve guuid=e3240bb1-1d00-0000-6f64-39c38d0b0000 pid=2957 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=e3240bb1-1d00-0000-6f64-39c38d0b0000 pid=2957 execve guuid=0a8205bd-1d00-0000-6f64-39c3a60b0000 pid=2982 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=0a8205bd-1d00-0000-6f64-39c3a60b0000 pid=2982 execve guuid=0ad54ebd-1d00-0000-6f64-39c3a80b0000 pid=2984 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=0ad54ebd-1d00-0000-6f64-39c3a80b0000 pid=2984 clone guuid=5b4918be-1d00-0000-6f64-39c3ab0b0000 pid=2987 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=5b4918be-1d00-0000-6f64-39c3ab0b0000 pid=2987 execve guuid=aee7a1be-1d00-0000-6f64-39c3ac0b0000 pid=2988 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=aee7a1be-1d00-0000-6f64-39c3ac0b0000 pid=2988 execve guuid=6979f3ca-1d00-0000-6f64-39c3c10b0000 pid=3009 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=6979f3ca-1d00-0000-6f64-39c3c10b0000 pid=3009 execve guuid=ff1f33cb-1d00-0000-6f64-39c3c30b0000 pid=3011 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=ff1f33cb-1d00-0000-6f64-39c3c30b0000 pid=3011 clone guuid=e1a8c1cc-1d00-0000-6f64-39c3ca0b0000 pid=3018 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=e1a8c1cc-1d00-0000-6f64-39c3ca0b0000 pid=3018 execve guuid=1a2109cd-1d00-0000-6f64-39c3cc0b0000 pid=3020 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=1a2109cd-1d00-0000-6f64-39c3cc0b0000 pid=3020 execve guuid=908cb0dc-1d00-0000-6f64-39c3f40b0000 pid=3060 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=908cb0dc-1d00-0000-6f64-39c3f40b0000 pid=3060 execve guuid=2db914dd-1d00-0000-6f64-39c3f60b0000 pid=3062 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=2db914dd-1d00-0000-6f64-39c3f60b0000 pid=3062 clone guuid=955cd6dd-1d00-0000-6f64-39c3fa0b0000 pid=3066 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=955cd6dd-1d00-0000-6f64-39c3fa0b0000 pid=3066 execve guuid=0a8810de-1d00-0000-6f64-39c3fc0b0000 pid=3068 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=0a8810de-1d00-0000-6f64-39c3fc0b0000 pid=3068 execve guuid=2f2016f4-1d00-0000-6f64-39c3340c0000 pid=3124 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=2f2016f4-1d00-0000-6f64-39c3340c0000 pid=3124 execve guuid=d9bb4cf4-1d00-0000-6f64-39c3350c0000 pid=3125 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=d9bb4cf4-1d00-0000-6f64-39c3350c0000 pid=3125 clone guuid=c71803f5-1d00-0000-6f64-39c3390c0000 pid=3129 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=c71803f5-1d00-0000-6f64-39c3390c0000 pid=3129 execve guuid=3d5c4af5-1d00-0000-6f64-39c33b0c0000 pid=3131 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=3d5c4af5-1d00-0000-6f64-39c33b0c0000 pid=3131 execve guuid=cf0c350b-1e00-0000-6f64-39c3780c0000 pid=3192 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=cf0c350b-1e00-0000-6f64-39c3780c0000 pid=3192 execve guuid=e03d8b0b-1e00-0000-6f64-39c37a0c0000 pid=3194 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=e03d8b0b-1e00-0000-6f64-39c37a0c0000 pid=3194 clone guuid=fd44440c-1e00-0000-6f64-39c37e0c0000 pid=3198 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=fd44440c-1e00-0000-6f64-39c37e0c0000 pid=3198 execve guuid=f9b2b30c-1e00-0000-6f64-39c3800c0000 pid=3200 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=f9b2b30c-1e00-0000-6f64-39c3800c0000 pid=3200 execve guuid=d6a7d81a-1e00-0000-6f64-39c39b0c0000 pid=3227 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=d6a7d81a-1e00-0000-6f64-39c39b0c0000 pid=3227 execve guuid=83e8261b-1e00-0000-6f64-39c39c0c0000 pid=3228 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=83e8261b-1e00-0000-6f64-39c39c0c0000 pid=3228 clone guuid=359cca1b-1e00-0000-6f64-39c39e0c0000 pid=3230 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=359cca1b-1e00-0000-6f64-39c39e0c0000 pid=3230 execve guuid=c7ff271c-1e00-0000-6f64-39c39f0c0000 pid=3231 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=c7ff271c-1e00-0000-6f64-39c39f0c0000 pid=3231 execve guuid=5fb2ff2a-1e00-0000-6f64-39c3a40c0000 pid=3236 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=5fb2ff2a-1e00-0000-6f64-39c3a40c0000 pid=3236 execve guuid=24214b2b-1e00-0000-6f64-39c3a70c0000 pid=3239 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=24214b2b-1e00-0000-6f64-39c3a70c0000 pid=3239 clone guuid=8359c32b-1e00-0000-6f64-39c3aa0c0000 pid=3242 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=8359c32b-1e00-0000-6f64-39c3aa0c0000 pid=3242 execve guuid=059c132c-1e00-0000-6f64-39c3ac0c0000 pid=3244 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=059c132c-1e00-0000-6f64-39c3ac0c0000 pid=3244 execve guuid=f5e4333a-1e00-0000-6f64-39c3c40c0000 pid=3268 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=f5e4333a-1e00-0000-6f64-39c3c40c0000 pid=3268 execve guuid=5c02bf3a-1e00-0000-6f64-39c3c60c0000 pid=3270 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=5c02bf3a-1e00-0000-6f64-39c3c60c0000 pid=3270 clone guuid=c7e4d73b-1e00-0000-6f64-39c3ca0c0000 pid=3274 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=c7e4d73b-1e00-0000-6f64-39c3ca0c0000 pid=3274 execve guuid=d8b0583c-1e00-0000-6f64-39c3cb0c0000 pid=3275 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=d8b0583c-1e00-0000-6f64-39c3cb0c0000 pid=3275 execve guuid=e96bf84a-1e00-0000-6f64-39c3d50c0000 pid=3285 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=e96bf84a-1e00-0000-6f64-39c3d50c0000 pid=3285 execve guuid=3f4d504b-1e00-0000-6f64-39c3d60c0000 pid=3286 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=3f4d504b-1e00-0000-6f64-39c3d60c0000 pid=3286 clone guuid=1613f64b-1e00-0000-6f64-39c3d90c0000 pid=3289 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=1613f64b-1e00-0000-6f64-39c3d90c0000 pid=3289 execve guuid=0d70454c-1e00-0000-6f64-39c3db0c0000 pid=3291 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=0d70454c-1e00-0000-6f64-39c3db0c0000 pid=3291 execve guuid=660b3f5b-1e00-0000-6f64-39c3f30c0000 pid=3315 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=660b3f5b-1e00-0000-6f64-39c3f30c0000 pid=3315 execve guuid=ab0b7c5b-1e00-0000-6f64-39c3f50c0000 pid=3317 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=ab0b7c5b-1e00-0000-6f64-39c3f50c0000 pid=3317 clone guuid=4c18035c-1e00-0000-6f64-39c3f80c0000 pid=3320 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=4c18035c-1e00-0000-6f64-39c3f80c0000 pid=3320 execve guuid=6da24a5c-1e00-0000-6f64-39c3fa0c0000 pid=3322 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=6da24a5c-1e00-0000-6f64-39c3fa0c0000 pid=3322 execve guuid=59704c6a-1e00-0000-6f64-39c3230d0000 pid=3363 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=59704c6a-1e00-0000-6f64-39c3230d0000 pid=3363 execve guuid=e03f836a-1e00-0000-6f64-39c3250d0000 pid=3365 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=e03f836a-1e00-0000-6f64-39c3250d0000 pid=3365 clone guuid=e1e3186b-1e00-0000-6f64-39c3280d0000 pid=3368 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=e1e3186b-1e00-0000-6f64-39c3280d0000 pid=3368 execve guuid=70e2586b-1e00-0000-6f64-39c32a0d0000 pid=3370 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=70e2586b-1e00-0000-6f64-39c32a0d0000 pid=3370 execve guuid=96c82579-1e00-0000-6f64-39c34e0d0000 pid=3406 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=96c82579-1e00-0000-6f64-39c34e0d0000 pid=3406 execve guuid=c0006a79-1e00-0000-6f64-39c34f0d0000 pid=3407 /usr/bin/dash guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=c0006a79-1e00-0000-6f64-39c34f0d0000 pid=3407 clone guuid=5bddf679-1e00-0000-6f64-39c3510d0000 pid=3409 /usr/bin/rm delete-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=5bddf679-1e00-0000-6f64-39c3510d0000 pid=3409 execve guuid=584c4c7a-1e00-0000-6f64-39c3520d0000 pid=3410 /usr/bin/wget net send-data write-file guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=584c4c7a-1e00-0000-6f64-39c3520d0000 pid=3410 execve guuid=c58aeb88-1e00-0000-6f64-39c3700d0000 pid=3440 /usr/bin/chmod guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=c58aeb88-1e00-0000-6f64-39c3700d0000 pid=3440 execve guuid=c77a2789-1e00-0000-6f64-39c3720d0000 pid=3442 /tmp/whisper.i686 net send-data guuid=3af06f65-1d00-0000-6f64-39c3ee0a0000 pid=2798->guuid=c77a2789-1e00-0000-6f64-39c3720d0000 pid=3442 execve 4466a7ec-d357-5dbd-9f7f-c7e61f48c387 31.170.22.205:80 guuid=08ee2d66-1d00-0000-6f64-39c3f20a0000 pid=2802->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 146B guuid=3dc1ef75-1d00-0000-6f64-39c3160b0000 pid=2838->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 146B guuid=858ae782-1d00-0000-6f64-39c33a0b0000 pid=2874->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 146B guuid=d0a2fb8f-1d00-0000-6f64-39c35e0b0000 pid=2910->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 148B guuid=42bb79a1-1d00-0000-6f64-39c3750b0000 pid=2933->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=e3240bb1-1d00-0000-6f64-39c38d0b0000 pid=2957->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=aee7a1be-1d00-0000-6f64-39c3ac0b0000 pid=2988->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=1a2109cd-1d00-0000-6f64-39c3cc0b0000 pid=3020->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 145B guuid=0a8810de-1d00-0000-6f64-39c3fc0b0000 pid=3068->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 147B guuid=3d5c4af5-1d00-0000-6f64-39c33b0c0000 pid=3131->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 149B guuid=f9b2b30c-1e00-0000-6f64-39c3800c0000 pid=3200->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 152B guuid=c7ff271c-1e00-0000-6f64-39c39f0c0000 pid=3231->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=059c132c-1e00-0000-6f64-39c3ac0c0000 pid=3244->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 147B guuid=d8b0583c-1e00-0000-6f64-39c3cb0c0000 pid=3275->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 148B guuid=0d70454c-1e00-0000-6f64-39c3db0c0000 pid=3291->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 148B guuid=6da24a5c-1e00-0000-6f64-39c3fa0c0000 pid=3322->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 145B guuid=70e2586b-1e00-0000-6f64-39c32a0d0000 pid=3370->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 144B guuid=584c4c7a-1e00-0000-6f64-39c3520d0000 pid=3410->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 145B guuid=c77a2789-1e00-0000-6f64-39c3720d0000 pid=3442->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 139B
Score:
98%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/3d78483906b8b08d6b394182baac87a25ec3a9cc6830c31ead67eb2962e6cdf6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3d78483906b8b08d6b394182baac87a25ec3a9cc6830c31ead67eb2962e6cdf6/
Threat name:
Script-Shell.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-07-21 01:24:00 UTC
File Type:
Text (Shell)
AV detection:
10 of 23 (43.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hv4eqoigxcyi22zzigblvlehujpmhkomnaymghvnm7vssyxgzx3a._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3d78483906b8b08d6b394182baac87a25ec3a9cc6830c31ead67eb2962e6cdf6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DDoSAgent

sh 3d78483906b8b08d6b394182baac87a25ec3a9cc6830c31ead67eb2962e6cdf6

(this sample)

DDoSAgent

elf 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

  
URLhaus
https://urlhaus.abuse.ch/url/3490235/
  
Delivery method
Distributed via web download
  
Dropping
MD5 2f4c13a8e22bcca551ce49a5b20245af
  
Dropping
SHA256 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

Comments