MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3ea57f49c459e920fe76836749a0872c879f8fd7ff1a369109ef9d551c07fcaf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DDoSAgent


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 3ea57f49c459e920fe76836749a0872c879f8fd7ff1a369109ef9d551c07fcaf
SHA3-384 hash: a95537a5489959edcbba058b9a5a2274c3ef4de50f97b55193d64ebcf32daa8545100df85d4eeeab4d4bfd8bbf01217d
SHA1 hash: 36a1168163e91f758d89797c02719a417e7b23dc
MD5 hash: cded3ec189f630e7738fdd4ec1ed9488
humanhash: wolfram-cup-alanine-iowa
File name:dl17
Download: download sample
Signature DDoSAgent
Create hunting rule
File size:3'654 bytes
First seen:2025-07-20 18:23:50 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 96:yjEaNCawerfSXfBXtbZA3uVg7Vg1zoT9cMHJL:pX+F
TLSH T1B67180D902E203005101B60F3BFD7B61BEA482E5AE7B0F89FC99CDB648B0A55F125F59
Magika shell
Reporter abuse_ch
Tags:DDOSAgent sh
URLMalware sample (SHA256 hash)SignatureTags
http://31.170.22.205/bins/whisper.armv555d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv62b4c87240aaf767982d676933e628f8bf2957c931d906a90c88ccf3a18dc55ce DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv7e97da696893a2a090ac962789c524119aacab5583df1f2074c081295a0f582e3 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.aarch6438b7cbe9ff53cec015d67d04da59bcced70fae6c7e1d15baf95abc34035cc862 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.aarch64be5b489dfd7395de9106468d7b92374c56d30af994b4ea06be6c77e98ba540cf6a DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.arcle750d6001350ab65adfd7a9e0fca7560c49fc5d8f6e96939f1bdb630599e5fb902a14 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.arclehs381a3c8f2dbd32b05b5dc1c7ebd3b5cdaaf24fb5296978e6061671edca802a41f4 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mips3d0ff85391334a8130b92bf85bb1b760f7f060508a5bfaab3ff7eb9a2ca53b0a DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64b8c1191781c9feb322cfcacf40f4f1d207a09af4d786e26a7455e8a36afd4a1c DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64le527a822afceebc65d8926a1dd0c3c97862f3e114db26f104797c58f45a2e609c DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64len32c6a1cd7348531c4c0db50ecf21f64e444b33a3ff194ed55a467adb938ec22408 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mips64n3290676d5a951bfb339c20472a0d3ff253767268f54be520eb6410522eeba9741e DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mipslee479f82af03dd6087f688cd398fc792a6443e362c9a36348ab53a3f6ddc591a2 DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.riscv3245ca399bc539910e391f87bb398acac0f5c47410acb0d329ea3bf82406b3c189 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.riscv6484dbcc96a5ede7cb185d06f1116aee3bbe07e85ab020e86b5d4bfa9dcc6e60e1 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.m68kc304b1825bfe337bc1801440ca0bb1cda35aa96672d60952b852a5b2e3255f06 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sh4n/an/aelf
http://31.170.22.205/bins/whisper.i6862ba541b4a6c62619d785852c86d67829118e70a52105ef37f32010aecb64784b DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.x6411742623bba0e1ca221814a36cd8239be94898c59fcc61c1328a6230a9981219 DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.powerpc440fp197455fb6ac704dea344ee392427a842c243f6919c6886965b9586424b65e00b DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e55001033d5f5d215d7df4d05737606f8323406eaeb9c215e1308fe48e77aba6f00f4 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e6500a97c72cdfb63586cf2bbf84c6839b38eaf7af1a474d6f5f27af0b11f7140f067 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64lepower84d5ef555aac80b752223c279e28e49de774e1a68309e426095c52690a105f313 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64power8e3ed9343357d6cb963060d7908aa2637165f89cf21a4eb8f7538bb2ddb79e54f DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce300c395d23e5693047c429dcf68baf9141ee074a578d08d434f6e1ae520374d0c7928 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce500mc189b5636d5a9a46a6ed38a7fdcd6b4f063fd7abc292363ff9ef7ac77852eae49 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sparc25bf2d5845b6d3497bbceeeda40ba99a78e27f8ca88ec2efb690d919b4c5b8f6 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sparc640e7338e304ae5c960e232d80d98edb0a281d03c974ab13c6de4b0596fd0557c9 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv4n/an/aelf

Intelligence

File Origin
# of uploads :
1
# of downloads :
22
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
URLhaus.3462419.UNOFFICIAL
Create hunting rule

URLhaus.3462413.UNOFFICIAL
Create hunting rule

URLhaus.3462403.UNOFFICIAL
Create hunting rule

URLhaus.3462409.UNOFFICIAL
Create hunting rule

URLhaus.3462416.UNOFFICIAL
Create hunting rule

URLhaus.3462399.UNOFFICIAL
Create hunting rule

URLhaus.3462402.UNOFFICIAL
Create hunting rule

URLhaus.3447675.UNOFFICIAL
Create hunting rule

URLhaus.3447676.UNOFFICIAL
Create hunting rule

URLhaus.3447679.UNOFFICIAL
Create hunting rule

URLhaus.3462417.UNOFFICIAL
Create hunting rule

URLhaus.3462395.UNOFFICIAL
Create hunting rule

URLhaus.3447674.UNOFFICIAL
Create hunting rule

URLhaus.3462404.UNOFFICIAL
Create hunting rule

URLhaus.3462410.UNOFFICIAL
Create hunting rule

URLhaus.3462418.UNOFFICIAL
Create hunting rule

URLhaus.3462407.UNOFFICIAL
Create hunting rule

URLhaus.3462397.UNOFFICIAL
Create hunting rule

URLhaus.3447677.UNOFFICIAL
Create hunting rule

URLhaus.3462398.UNOFFICIAL
Create hunting rule

URLhaus.3462400.UNOFFICIAL
Create hunting rule

URLhaus.3462415.UNOFFICIAL
Create hunting rule

URLhaus.3462406.UNOFFICIAL
Create hunting rule

URLhaus.3462405.UNOFFICIAL
Create hunting rule

URLhaus.3462401.UNOFFICIAL
Create hunting rule

URLhaus.3462396.UNOFFICIAL
Create hunting rule

URLhaus.3462412.UNOFFICIAL
Create hunting rule

URLhaus.3462408.UNOFFICIAL
Create hunting rule

URLhaus.3462414.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/687d345a8a7d628a81b8a525/reports/82dbb7bc-0b2f-41c2-82d6-454afe2953e2/overview
Verdict:
Malicious
Labled as:
Bash.MiraiA.Generic
Link:
https://www.hybrid-analysis.com/sample/3ea57f49c459e920fe76836749a0872c879f8fd7ff1a369109ef9d551c07fcaf
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/2d992a9a-dc18-427c-ba40-2b2295943063
Behavior Graph:
Download SVG
%3 guuid=2b778bb7-1900-0000-7fae-d26ca0090000 pid=2464 /usr/bin/sudo guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470 /tmp/sample.bin guuid=2b778bb7-1900-0000-7fae-d26ca0090000 pid=2464->guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470 execve guuid=174bf4b9-1900-0000-7fae-d26ca8090000 pid=2472 /usr/bin/rm guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=174bf4b9-1900-0000-7fae-d26ca8090000 pid=2472 execve guuid=d1953fba-1900-0000-7fae-d26caa090000 pid=2474 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=d1953fba-1900-0000-7fae-d26caa090000 pid=2474 execve guuid=dfd920c9-1900-0000-7fae-d26cc8090000 pid=2504 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=dfd920c9-1900-0000-7fae-d26cc8090000 pid=2504 execve guuid=06e07ec9-1900-0000-7fae-d26cca090000 pid=2506 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=06e07ec9-1900-0000-7fae-d26cca090000 pid=2506 clone guuid=d0b35aca-1900-0000-7fae-d26ccd090000 pid=2509 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=d0b35aca-1900-0000-7fae-d26ccd090000 pid=2509 execve guuid=2f5bb9ca-1900-0000-7fae-d26ccf090000 pid=2511 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=2f5bb9ca-1900-0000-7fae-d26ccf090000 pid=2511 execve guuid=aa7bced8-1900-0000-7fae-d26cee090000 pid=2542 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=aa7bced8-1900-0000-7fae-d26cee090000 pid=2542 execve guuid=1b2e2ed9-1900-0000-7fae-d26cef090000 pid=2543 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=1b2e2ed9-1900-0000-7fae-d26cef090000 pid=2543 clone guuid=eab804da-1900-0000-7fae-d26cf1090000 pid=2545 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=eab804da-1900-0000-7fae-d26cf1090000 pid=2545 execve guuid=a8c260da-1900-0000-7fae-d26cf3090000 pid=2547 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=a8c260da-1900-0000-7fae-d26cf3090000 pid=2547 execve guuid=92679ae9-1900-0000-7fae-d26c1c0a0000 pid=2588 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=92679ae9-1900-0000-7fae-d26c1c0a0000 pid=2588 execve guuid=eb5ddee9-1900-0000-7fae-d26c1d0a0000 pid=2589 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=eb5ddee9-1900-0000-7fae-d26c1d0a0000 pid=2589 clone guuid=826171ea-1900-0000-7fae-d26c200a0000 pid=2592 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=826171ea-1900-0000-7fae-d26c200a0000 pid=2592 execve guuid=d1bfbbea-1900-0000-7fae-d26c220a0000 pid=2594 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=d1bfbbea-1900-0000-7fae-d26c220a0000 pid=2594 execve guuid=fd3683f8-1900-0000-7fae-d26c490a0000 pid=2633 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=fd3683f8-1900-0000-7fae-d26c490a0000 pid=2633 execve guuid=b016baf8-1900-0000-7fae-d26c4b0a0000 pid=2635 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=b016baf8-1900-0000-7fae-d26c4b0a0000 pid=2635 clone guuid=526f11fa-1900-0000-7fae-d26c4f0a0000 pid=2639 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=526f11fa-1900-0000-7fae-d26c4f0a0000 pid=2639 execve guuid=2d6466fa-1900-0000-7fae-d26c500a0000 pid=2640 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=2d6466fa-1900-0000-7fae-d26c500a0000 pid=2640 execve guuid=dc5d2b0b-1a00-0000-7fae-d26c7e0a0000 pid=2686 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=dc5d2b0b-1a00-0000-7fae-d26c7e0a0000 pid=2686 execve guuid=6293720b-1a00-0000-7fae-d26c800a0000 pid=2688 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=6293720b-1a00-0000-7fae-d26c800a0000 pid=2688 clone guuid=0a12200c-1a00-0000-7fae-d26c830a0000 pid=2691 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=0a12200c-1a00-0000-7fae-d26c830a0000 pid=2691 execve guuid=13516a0c-1a00-0000-7fae-d26c850a0000 pid=2693 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=13516a0c-1a00-0000-7fae-d26c850a0000 pid=2693 execve guuid=164de417-1a00-0000-7fae-d26ca20a0000 pid=2722 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=164de417-1a00-0000-7fae-d26ca20a0000 pid=2722 execve guuid=2a5c4918-1a00-0000-7fae-d26ca50a0000 pid=2725 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=2a5c4918-1a00-0000-7fae-d26ca50a0000 pid=2725 clone guuid=a8351219-1a00-0000-7fae-d26caa0a0000 pid=2730 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=a8351219-1a00-0000-7fae-d26caa0a0000 pid=2730 execve guuid=b0b85319-1a00-0000-7fae-d26cac0a0000 pid=2732 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=b0b85319-1a00-0000-7fae-d26cac0a0000 pid=2732 execve guuid=5e8ab225-1a00-0000-7fae-d26ccd0a0000 pid=2765 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=5e8ab225-1a00-0000-7fae-d26ccd0a0000 pid=2765 execve guuid=f2d6fa25-1a00-0000-7fae-d26ccf0a0000 pid=2767 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=f2d6fa25-1a00-0000-7fae-d26ccf0a0000 pid=2767 clone guuid=3b7cdd26-1a00-0000-7fae-d26cd20a0000 pid=2770 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=3b7cdd26-1a00-0000-7fae-d26cd20a0000 pid=2770 execve guuid=0e675127-1a00-0000-7fae-d26cd40a0000 pid=2772 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=0e675127-1a00-0000-7fae-d26cd40a0000 pid=2772 execve guuid=536fa835-1a00-0000-7fae-d26ceb0a0000 pid=2795 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=536fa835-1a00-0000-7fae-d26ceb0a0000 pid=2795 execve guuid=bb14f735-1a00-0000-7fae-d26ced0a0000 pid=2797 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=bb14f735-1a00-0000-7fae-d26ced0a0000 pid=2797 clone guuid=3eda9d36-1a00-0000-7fae-d26cf10a0000 pid=2801 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=3eda9d36-1a00-0000-7fae-d26cf10a0000 pid=2801 execve guuid=f1e7df36-1a00-0000-7fae-d26cf20a0000 pid=2802 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=f1e7df36-1a00-0000-7fae-d26cf20a0000 pid=2802 execve guuid=ebb0554a-1a00-0000-7fae-d26c120b0000 pid=2834 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=ebb0554a-1a00-0000-7fae-d26c120b0000 pid=2834 execve guuid=1a01a14a-1a00-0000-7fae-d26c140b0000 pid=2836 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=1a01a14a-1a00-0000-7fae-d26c140b0000 pid=2836 clone guuid=9571534b-1a00-0000-7fae-d26c170b0000 pid=2839 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=9571534b-1a00-0000-7fae-d26c170b0000 pid=2839 execve guuid=2ba5954b-1a00-0000-7fae-d26c190b0000 pid=2841 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=2ba5954b-1a00-0000-7fae-d26c190b0000 pid=2841 execve guuid=d77be761-1a00-0000-7fae-d26c360b0000 pid=2870 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=d77be761-1a00-0000-7fae-d26c360b0000 pid=2870 execve guuid=fbb32c62-1a00-0000-7fae-d26c380b0000 pid=2872 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=fbb32c62-1a00-0000-7fae-d26c380b0000 pid=2872 clone guuid=8ebcd662-1a00-0000-7fae-d26c3b0b0000 pid=2875 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=8ebcd662-1a00-0000-7fae-d26c3b0b0000 pid=2875 execve guuid=77aa2e63-1a00-0000-7fae-d26c3d0b0000 pid=2877 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=77aa2e63-1a00-0000-7fae-d26c3d0b0000 pid=2877 execve guuid=316aa774-1a00-0000-7fae-d26c610b0000 pid=2913 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=316aa774-1a00-0000-7fae-d26c610b0000 pid=2913 execve guuid=d8f8fd74-1a00-0000-7fae-d26c620b0000 pid=2914 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=d8f8fd74-1a00-0000-7fae-d26c620b0000 pid=2914 clone guuid=9831c175-1a00-0000-7fae-d26c660b0000 pid=2918 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=9831c175-1a00-0000-7fae-d26c660b0000 pid=2918 execve guuid=77c41476-1a00-0000-7fae-d26c680b0000 pid=2920 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=77c41476-1a00-0000-7fae-d26c680b0000 pid=2920 execve guuid=81eb1d84-1a00-0000-7fae-d26c8c0b0000 pid=2956 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=81eb1d84-1a00-0000-7fae-d26c8c0b0000 pid=2956 execve guuid=a22ab584-1a00-0000-7fae-d26c8e0b0000 pid=2958 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=a22ab584-1a00-0000-7fae-d26c8e0b0000 pid=2958 clone guuid=01495786-1a00-0000-7fae-d26c920b0000 pid=2962 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=01495786-1a00-0000-7fae-d26c920b0000 pid=2962 execve guuid=f7809986-1a00-0000-7fae-d26c940b0000 pid=2964 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=f7809986-1a00-0000-7fae-d26c940b0000 pid=2964 execve guuid=fd448f97-1a00-0000-7fae-d26cab0b0000 pid=2987 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=fd448f97-1a00-0000-7fae-d26cab0b0000 pid=2987 execve guuid=39c9e897-1a00-0000-7fae-d26cac0b0000 pid=2988 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=39c9e897-1a00-0000-7fae-d26cac0b0000 pid=2988 clone guuid=539a7a98-1a00-0000-7fae-d26caf0b0000 pid=2991 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=539a7a98-1a00-0000-7fae-d26caf0b0000 pid=2991 execve guuid=2a83be98-1a00-0000-7fae-d26cb10b0000 pid=2993 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=2a83be98-1a00-0000-7fae-d26cb10b0000 pid=2993 execve guuid=f9d8f9ad-1a00-0000-7fae-d26cc60b0000 pid=3014 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=f9d8f9ad-1a00-0000-7fae-d26cc60b0000 pid=3014 execve guuid=25dd61ae-1a00-0000-7fae-d26cc70b0000 pid=3015 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=25dd61ae-1a00-0000-7fae-d26cc70b0000 pid=3015 clone guuid=710939af-1a00-0000-7fae-d26cc90b0000 pid=3017 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=710939af-1a00-0000-7fae-d26cc90b0000 pid=3017 execve guuid=bdf993af-1a00-0000-7fae-d26cca0b0000 pid=3018 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=bdf993af-1a00-0000-7fae-d26cca0b0000 pid=3018 execve guuid=4963b3bf-1a00-0000-7fae-d26ce00b0000 pid=3040 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=4963b3bf-1a00-0000-7fae-d26ce00b0000 pid=3040 execve guuid=0b93fabf-1a00-0000-7fae-d26ce20b0000 pid=3042 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=0b93fabf-1a00-0000-7fae-d26ce20b0000 pid=3042 clone guuid=cc2385c1-1a00-0000-7fae-d26ce70b0000 pid=3047 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=cc2385c1-1a00-0000-7fae-d26ce70b0000 pid=3047 execve guuid=aeeec9c1-1a00-0000-7fae-d26ce90b0000 pid=3049 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=aeeec9c1-1a00-0000-7fae-d26ce90b0000 pid=3049 execve guuid=d19c1ccd-1a00-0000-7fae-d26c020c0000 pid=3074 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=d19c1ccd-1a00-0000-7fae-d26c020c0000 pid=3074 execve guuid=a78868cd-1a00-0000-7fae-d26c040c0000 pid=3076 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=a78868cd-1a00-0000-7fae-d26c040c0000 pid=3076 clone guuid=233dfecd-1a00-0000-7fae-d26c080c0000 pid=3080 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=233dfecd-1a00-0000-7fae-d26c080c0000 pid=3080 execve guuid=782944ce-1a00-0000-7fae-d26c0a0c0000 pid=3082 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=782944ce-1a00-0000-7fae-d26c0a0c0000 pid=3082 execve guuid=3cd348dc-1a00-0000-7fae-d26c2e0c0000 pid=3118 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=3cd348dc-1a00-0000-7fae-d26c2e0c0000 pid=3118 execve guuid=0ed7c6dc-1a00-0000-7fae-d26c300c0000 pid=3120 /usr/bin/dash guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=0ed7c6dc-1a00-0000-7fae-d26c300c0000 pid=3120 clone guuid=94e37cdd-1a00-0000-7fae-d26c340c0000 pid=3124 /usr/bin/rm delete-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=94e37cdd-1a00-0000-7fae-d26c340c0000 pid=3124 execve guuid=bd3bc8dd-1a00-0000-7fae-d26c360c0000 pid=3126 /usr/bin/wget net send-data write-file guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=bd3bc8dd-1a00-0000-7fae-d26c360c0000 pid=3126 execve guuid=5c6d32ec-1a00-0000-7fae-d26c5a0c0000 pid=3162 /usr/bin/chmod guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=5c6d32ec-1a00-0000-7fae-d26c5a0c0000 pid=3162 execve guuid=3e3f97ec-1a00-0000-7fae-d26c5c0c0000 pid=3164 /tmp/whisper.i686 net send-data guuid=6f5d98b9-1900-0000-7fae-d26ca6090000 pid=2470->guuid=3e3f97ec-1a00-0000-7fae-d26c5c0c0000 pid=3164 execve 4466a7ec-d357-5dbd-9f7f-c7e61f48c387 31.170.22.205:80 guuid=d1953fba-1900-0000-7fae-d26caa090000 pid=2474->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 146B guuid=2f5bb9ca-1900-0000-7fae-d26ccf090000 pid=2511->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 146B guuid=a8c260da-1900-0000-7fae-d26cf3090000 pid=2547->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 146B guuid=d1bfbbea-1900-0000-7fae-d26c220a0000 pid=2594->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 148B guuid=2d6466fa-1900-0000-7fae-d26c500a0000 pid=2640->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=13516a0c-1a00-0000-7fae-d26c850a0000 pid=2693->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=b0b85319-1a00-0000-7fae-d26cac0a0000 pid=2732->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=0e675127-1a00-0000-7fae-d26cd40a0000 pid=2772->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 145B guuid=f1e7df36-1a00-0000-7fae-d26cf20a0000 pid=2802->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 147B guuid=2ba5954b-1a00-0000-7fae-d26c190b0000 pid=2841->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 149B guuid=77aa2e63-1a00-0000-7fae-d26c3d0b0000 pid=2877->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 152B guuid=77c41476-1a00-0000-7fae-d26c680b0000 pid=2920->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=f7809986-1a00-0000-7fae-d26c940b0000 pid=2964->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 147B guuid=2a83be98-1a00-0000-7fae-d26cb10b0000 pid=2993->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 148B guuid=bdf993af-1a00-0000-7fae-d26cca0b0000 pid=3018->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 148B guuid=aeeec9c1-1a00-0000-7fae-d26ce90b0000 pid=3049->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 145B guuid=782944ce-1a00-0000-7fae-d26c0a0c0000 pid=3082->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 144B guuid=bd3bc8dd-1a00-0000-7fae-d26c360c0000 pid=3126->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 145B guuid=3e3f97ec-1a00-0000-7fae-d26c5c0c0000 pid=3164->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 139B
Score:
98%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/3ea57f49c459e920fe76836749a0872c879f8fd7ff1a369109ef9d551c07fcaf
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/3ea57f49c459e920fe76836749a0872c879f8fd7ff1a369109ef9d551c07fcaf/
Threat name:
Script-Shell.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-07-21 01:24:00 UTC
File Type:
Text (Shell)
AV detection:
10 of 23 (43.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=h2sx6soelhusb7twqntutiehfsdz7d6x74ndneij56ovkhah7sxq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/3ea57f49c459e920fe76836749a0872c879f8fd7ff1a369109ef9d551c07fcaf

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DDoSAgent

sh 3ea57f49c459e920fe76836749a0872c879f8fd7ff1a369109ef9d551c07fcaf

(this sample)

DDoSAgent

elf 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

  
URLhaus
https://urlhaus.abuse.ch/url/3484493/
  
Delivery method
Distributed via web download
  
Dropping
MD5 2f4c13a8e22bcca551ce49a5b20245af
  
Dropping
SHA256 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

Comments