MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5380bc5893d043bbbc7680d359e80ae7464b729fd128d313a56327a245c8e0b7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 5380bc5893d043bbbc7680d359e80ae7464b729fd128d313a56327a245c8e0b7
SHA3-384 hash: ea6abbde7bd3c9e969497856bae043e0f1089f98a9ccf932f1192c4b83def74a31eac3f66dd920d7a6b859c5ac2054a0
SHA1 hash: cecc40ab71393b4b90df678b6dcc9480581fee91
MD5 hash: 64955d7462de9ae2fc7c19de146ee872
humanhash: mirror-sierra-tango-network
File name: WSW0
File size: 266 bytes
First seen: 2026-07-02 13:14:52 UTC
Last seen: 2026-07-03 04:10:34 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep 3:TKH4vLYbFD1R8r8CnUU6bqfECFZAutDMFsMLONFYqGSrP/c5c/DOOdKX+G80bKVO:hTUnR6ZIQAulNXYq9DG+NjVsNXYrkJ
TLSH T1DDD097F340B302B060E7A800F8C6A801BE0087BF8C22CA2FFA1768341F41306F2C03A1
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:sh
URL / Malware sample (SHA256 hash) / Signature / Tags
http://216.107.139.197/n/an/an/a

Intelligence


File Origin
# of uploads: 3
# of downloads: 62
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: downloader
Verdict: Malicious
File Type: unix shell
First seen: 2026-07-02T10:32:00Z UTC
Last seen: 2026-07-03T19:49:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph:
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-07-02 13:16:05 UTC
File Type: Text (Shell)
AV detection: 10 of 23 (43.48%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm credential_access defense_evasion linux
Behaviour
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
OS Credential Dumping
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh 5380bc5893d043bbbc7680d359e80ae7464b729fd128d313a56327a245c8e0b7 (this sample)

Delivery method: Distributed via web download

Comments