MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3f33ccf1ca7693c39478bfe3e435797e9ca75f8cc774e3893f04484b433c0cdf. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 9



SHA256 hash: 3f33ccf1ca7693c39478bfe3e435797e9ca75f8cc774e3893f04484b433c0cdf
SHA3-384 hash: 5e5f34182e755377bbae24607aeac214beaa9d7999d9ff9c6cca0fd4e9ae0417e9b1357d30a9d8fc0e75d4e4a9054fd7
SHA1 hash: f83a8fa5bbb8ce98301b95712a8b20b452333e56
MD5 hash: 45d7540cc48d45d46753e3f037e5abd9
humanhash: texas-iowa-delaware-mountain
File name: ohshit.sh
File size: 3'007 bytes
First seen: 2026-06-05 18:23:37 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 48:ipa270a27N7hpa2va26Gpa2gna2zPpa2fa2KWpa21a2oUpa271a27o7Upa2fOa2C:i827D27N7h82C26G82ga2zP82y2KW82x
TLSH T18F51A0C561846D382CB7AA13B7B7812830C1A0529CFE7F95DAC8FEE88A9ED147154B53
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://176.65.149.124/hiddenbin/boatnet.x86 | 82b6eb8108d0ccb8dc62b36d24005d82dc7be46af0bca7d09b5c1cc273161d62 | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.mips | bb2b445a438cd2091098112e40248b332da6d01378dacf5d48c97eba74e62151 | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.arc | 1ce9c129d19c9486e849393cdae519e5f99d449011c82a9764697c028acb71ab | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.i468 | n/a | n/a | elf ua-wget
http://176.65.149.124/hiddenbin/boatnet.i686 | n/a | n/a | elf ua-wget
http://176.65.149.124/hiddenbin/boatnet.x86_64 | n/a | n/a | elf ua-wget
http://176.65.149.124/hiddenbin/boatnet.mpsl | 329364457ffadf784e8520c8044438bb198330a5b3df797eafed47510de9f36f | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.arm | 4b0f2bd8aebda76893ea3480b55636dff2753abaa2cf2f60e5c9bda64a022527 | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.arm5 | ca44a666b44067ac905c03d39fe0b893619a4fb3ad625cb53b1618ac94c50eb1 | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.arm6 | 9a1f87886065530d0e112292c7e00161033c1d923be4b2a58ba09407e2f2f5d7 | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.arm7 | e60cd20035abf992fdc949dd8304e7aa0dd088c93b770a417e0bc47fa125bce4 | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.ppc | acdd136213b46248f93c1f6220da9b0edec77039869a7960de45e89acab62a47 | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.spc | e1965ba5f3bbe992a87377396373f264bfe6958e28c192a6b394308c2f327327 | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.m68k | 9bb59f64c03c1dcc8850679572b3569be20c33f2f4d281398228a5fec13115af | Mirai | elf mirai ua-wget
http://176.65.149.124/hiddenbin/boatnet.sh4 | 43fdec415105ff3004c8d905d138a13eb91ff38a5712b96be1656d55371718d5 | Mirai | elf mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 52
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.a HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen
Status: terminated
Behavior Graph (rendered process graph not reproduced; the recoverable node and edge data is summarised here):
/usr/bin/sudo (pid 3710) execve /tmp/sample.bin (pid 3719). The sample execve /usr/bin/cp (pid 3721) once, then repeatedly execve /usr/bin/wget (net, send-data), /usr/bin/curl (net, send-data, write-file), /usr/bin/cat and /usr/bin/chmod, and clones /usr/bin/bash, cycling through child pids 3741 to 4801.
Network node 176.65.149.124:80: each wget child sends 150 to 153 bytes and each curl child sends 99 to 102 bytes to this endpoint.
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-06-05 18:24:38 UTC
File Type: Text (Shell)
AV detection: 17 of 24 (70.83%)
Threat level: 3/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm defense_evasion discovery linux
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders
Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Sample: sh 3f33ccf1ca7693c39478bfe3e435797e9ca75f8cc774e3893f04484b433c0cdf (this sample)
Delivery method: Distributed via web download

Comments