MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 625e9444371bda1468375f4d8d5dbf245e0b528d34bed452a34f6fc0490a0749. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 14


Intelligence 14 IOCs YARA 30 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 625e9444371bda1468375f4d8d5dbf245e0b528d34bed452a34f6fc0490a0749
SHA3-384 hash: 8db6be3185c5279699d6fc8b101de8cb90d60037ad71f003ef16645330598ce90b9adebede943aee9dd071e9202e44e0
SHA1 hash: 7109d9bad451a2e6d6eb358785fd4bf711edd786
MD5 hash: 4bb419f3f4b33047e5d41475bc4b4f14
humanhash: autumn-apart-massachusetts-foxtrot
File name:ssh
Download: download sample
Signature Mirai
Create hunting rule
File size:152'701 bytes
First seen:2025-07-12 05:44:34 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 3072:5LxQtMt9SrBduRCYP0m0KqIvGJcHOulBhwqhmmFA8hNhDlLgNU:9oZmPjvAuxthmmFA8hNhDlLgNU
TLSH T150E3A92AF1428737D197127022DDEE226C316EE4379AB11B33F07AB569B74872D15E8C
telfhash t1f0315611943546142fb39928acbd56b315221b2323586f716f25c5cc49260e1e93dd0f
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf gafgyt mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
17
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL
Create hunting rule

Sanesecurity.Malware.29052.TSource.UNOFFICIAL
Create hunting rule

Unix.Trojan.Gafgyt-6981154-0
Create hunting rule

Unix.Dropper.Mirai-7135944-0
Create hunting rule

Unix.Dropper.Mirai-7136018-0
Create hunting rule

Unix.Dropper.Mirai-7136031-0
Create hunting rule

Unix.Dropper.Mirai-7139229-0
Create hunting rule

Unix.Dropper.Mirai-7540662-0
Create hunting rule

Verdict:
Malicious
Score:
92.5%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6871f679900df8e7f86a09e8linux22vpnfull_triage
Tags:
gafgyt mirai ddos
Result
Verdict:
Malware
Maliciousness:

Behaviour
DNS request
Creating a file
Sets a written file as executable
Launching a process
Kills processes
Sends data to a server
Connection attempt
Substitutes an application name
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
gcc mirai
Link:
https://www.filescan.io/uploads/6871f67a425a30d7acd74a85/reports/246d84a3-0e67-4a13-a54d-35042c7afd8a/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/a80116d3-93aa-40d3-83b8-f8d2083c6867
Behavior Graph:
Download SVG
%3 guuid=688456a2-1800-0000-eec3-1a59ed0c0000 pid=3309 /usr/bin/sudo guuid=55e140a5-1800-0000-eec3-1a59f50c0000 pid=3317 /tmp/sample.bin net guuid=688456a2-1800-0000-eec3-1a59ed0c0000 pid=3309->guuid=55e140a5-1800-0000-eec3-1a59f50c0000 pid=3317 execve 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=55e140a5-1800-0000-eec3-1a59f50c0000 pid=3317->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319 /tmp/sample.bin zombie guuid=55e140a5-1800-0000-eec3-1a59f50c0000 pid=3317->guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319 clone guuid=70878da5-1800-0000-eec3-1a59f80c0000 pid=3320 /usr/bin/dash zombie guuid=55e140a5-1800-0000-eec3-1a59f50c0000 pid=3317->guuid=70878da5-1800-0000-eec3-1a59f80c0000 pid=3320 execve guuid=48ec91a5-1800-0000-eec3-1a59f90c0000 pid=3321 /tmp/sample.bin guuid=55e140a5-1800-0000-eec3-1a59f50c0000 pid=3317->guuid=48ec91a5-1800-0000-eec3-1a59f90c0000 pid=3321 clone guuid=2e1c95a5-1800-0000-eec3-1a59fa0c0000 pid=3322 /tmp/sample.bin guuid=55e140a5-1800-0000-eec3-1a59f50c0000 pid=3317->guuid=2e1c95a5-1800-0000-eec3-1a59fa0c0000 pid=3322 clone guuid=39ff22d5-1800-0000-eec3-1a59460d0000 pid=3398 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=39ff22d5-1800-0000-eec3-1a59460d0000 pid=3398 execve guuid=414c7cd8-1800-0000-eec3-1a59510d0000 pid=3409 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=414c7cd8-1800-0000-eec3-1a59510d0000 pid=3409 execve guuid=8adabfd9-1800-0000-eec3-1a59560d0000 pid=3414 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=8adabfd9-1800-0000-eec3-1a59560d0000 pid=3414 execve guuid=14e6c1da-1800-0000-eec3-1a595a0d0000 pid=3418 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=14e6c1da-1800-0000-eec3-1a595a0d0000 pid=3418 execve guuid=0fee81dc-1800-0000-eec3-1a59620d0000 pid=3426 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=0fee81dc-1800-0000-eec3-1a59620d0000 pid=3426 execve guuid=2663e6dd-1800-0000-eec3-1a59680d0000 pid=3432 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=2663e6dd-1800-0000-eec3-1a59680d0000 pid=3432 execve guuid=b566ccde-1800-0000-eec3-1a596c0d0000 pid=3436 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=b566ccde-1800-0000-eec3-1a596c0d0000 pid=3436 execve guuid=cbdeb6df-1800-0000-eec3-1a59700d0000 pid=3440 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=cbdeb6df-1800-0000-eec3-1a59700d0000 pid=3440 execve guuid=5313b7e0-1800-0000-eec3-1a59750d0000 pid=3445 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=5313b7e0-1800-0000-eec3-1a59750d0000 pid=3445 execve guuid=04c4140c-1a00-0000-eec3-1a59f20f0000 pid=4082 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=04c4140c-1a00-0000-eec3-1a59f20f0000 pid=4082 execve guuid=b2565c0f-1a00-0000-eec3-1a5904100000 pid=4100 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=b2565c0f-1a00-0000-eec3-1a5904100000 pid=4100 execve guuid=76405010-1a00-0000-eec3-1a5908100000 pid=4104 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=76405010-1a00-0000-eec3-1a5908100000 pid=4104 execve guuid=6efb7b11-1a00-0000-eec3-1a590d100000 pid=4109 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=6efb7b11-1a00-0000-eec3-1a590d100000 pid=4109 execve guuid=7d395c12-1a00-0000-eec3-1a5912100000 pid=4114 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=7d395c12-1a00-0000-eec3-1a5912100000 pid=4114 execve guuid=b7465713-1a00-0000-eec3-1a591a100000 pid=4122 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=b7465713-1a00-0000-eec3-1a591a100000 pid=4122 execve guuid=bfb84b14-1a00-0000-eec3-1a591f100000 pid=4127 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=bfb84b14-1a00-0000-eec3-1a591f100000 pid=4127 execve guuid=5be83d15-1a00-0000-eec3-1a5925100000 pid=4133 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=5be83d15-1a00-0000-eec3-1a5925100000 pid=4133 execve guuid=59cc2716-1a00-0000-eec3-1a592b100000 pid=4139 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=59cc2716-1a00-0000-eec3-1a592b100000 pid=4139 execve guuid=93032053-1b00-0000-eec3-1a590f130000 pid=4879 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=93032053-1b00-0000-eec3-1a590f130000 pid=4879 execve guuid=c8e93a57-1b00-0000-eec3-1a5912130000 pid=4882 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=c8e93a57-1b00-0000-eec3-1a5912130000 pid=4882 execve guuid=0e391458-1b00-0000-eec3-1a5914130000 pid=4884 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=0e391458-1b00-0000-eec3-1a5914130000 pid=4884 execve guuid=c262db58-1b00-0000-eec3-1a5916130000 pid=4886 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=c262db58-1b00-0000-eec3-1a5916130000 pid=4886 execve guuid=8d31a159-1b00-0000-eec3-1a5918130000 pid=4888 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=8d31a159-1b00-0000-eec3-1a5918130000 pid=4888 execve guuid=e7c2705a-1b00-0000-eec3-1a591d130000 pid=4893 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e7c2705a-1b00-0000-eec3-1a591d130000 pid=4893 execve guuid=a69f7b5b-1b00-0000-eec3-1a5921130000 pid=4897 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=a69f7b5b-1b00-0000-eec3-1a5921130000 pid=4897 execve guuid=33e3ba5c-1b00-0000-eec3-1a5923130000 pid=4899 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=33e3ba5c-1b00-0000-eec3-1a5923130000 pid=4899 execve guuid=8e1acf5d-1b00-0000-eec3-1a5925130000 pid=4901 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=8e1acf5d-1b00-0000-eec3-1a5925130000 pid=4901 execve guuid=7e094189-1c00-0000-eec3-1a5927130000 pid=4903 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=7e094189-1c00-0000-eec3-1a5927130000 pid=4903 execve guuid=6c0b318e-1c00-0000-eec3-1a5929130000 pid=4905 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=6c0b318e-1c00-0000-eec3-1a5929130000 pid=4905 execve guuid=881fc88f-1c00-0000-eec3-1a592b130000 pid=4907 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=881fc88f-1c00-0000-eec3-1a592b130000 pid=4907 execve guuid=093dca91-1c00-0000-eec3-1a592d130000 pid=4909 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=093dca91-1c00-0000-eec3-1a592d130000 pid=4909 execve guuid=91c57493-1c00-0000-eec3-1a592f130000 pid=4911 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=91c57493-1c00-0000-eec3-1a592f130000 pid=4911 execve guuid=cbfc2d95-1c00-0000-eec3-1a5931130000 pid=4913 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=cbfc2d95-1c00-0000-eec3-1a5931130000 pid=4913 execve guuid=8bdce496-1c00-0000-eec3-1a5933130000 pid=4915 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=8bdce496-1c00-0000-eec3-1a5933130000 pid=4915 execve guuid=78519998-1c00-0000-eec3-1a5935130000 pid=4917 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=78519998-1c00-0000-eec3-1a5935130000 pid=4917 execve guuid=9742e299-1c00-0000-eec3-1a5937130000 pid=4919 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=9742e299-1c00-0000-eec3-1a5937130000 pid=4919 execve guuid=580339c5-1d00-0000-eec3-1a5939130000 pid=4921 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=580339c5-1d00-0000-eec3-1a5939130000 pid=4921 execve guuid=01ad48c9-1d00-0000-eec3-1a593b130000 pid=4923 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=01ad48c9-1d00-0000-eec3-1a593b130000 pid=4923 execve guuid=f90891ca-1d00-0000-eec3-1a593d130000 pid=4925 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=f90891ca-1d00-0000-eec3-1a593d130000 pid=4925 execve guuid=ee8102cc-1d00-0000-eec3-1a593f130000 pid=4927 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=ee8102cc-1d00-0000-eec3-1a593f130000 pid=4927 execve guuid=332d70cd-1d00-0000-eec3-1a5941130000 pid=4929 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=332d70cd-1d00-0000-eec3-1a5941130000 pid=4929 execve guuid=e6e4c0ce-1d00-0000-eec3-1a5943130000 pid=4931 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e6e4c0ce-1d00-0000-eec3-1a5943130000 pid=4931 execve guuid=8d74a5d0-1d00-0000-eec3-1a5945130000 pid=4933 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=8d74a5d0-1d00-0000-eec3-1a5945130000 pid=4933 execve guuid=f3c735d2-1d00-0000-eec3-1a5947130000 pid=4935 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=f3c735d2-1d00-0000-eec3-1a5947130000 pid=4935 execve guuid=a43d5cd4-1d00-0000-eec3-1a5949130000 pid=4937 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=a43d5cd4-1d00-0000-eec3-1a5949130000 pid=4937 execve guuid=a7adaa00-1f00-0000-eec3-1a594b130000 pid=4939 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=a7adaa00-1f00-0000-eec3-1a594b130000 pid=4939 execve guuid=4c90d804-1f00-0000-eec3-1a594d130000 pid=4941 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=4c90d804-1f00-0000-eec3-1a594d130000 pid=4941 execve guuid=75f06706-1f00-0000-eec3-1a594f130000 pid=4943 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=75f06706-1f00-0000-eec3-1a594f130000 pid=4943 execve guuid=da69cd07-1f00-0000-eec3-1a5951130000 pid=4945 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=da69cd07-1f00-0000-eec3-1a5951130000 pid=4945 execve guuid=48f87c09-1f00-0000-eec3-1a5953130000 pid=4947 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=48f87c09-1f00-0000-eec3-1a5953130000 pid=4947 execve guuid=d6f12a0b-1f00-0000-eec3-1a5955130000 pid=4949 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=d6f12a0b-1f00-0000-eec3-1a5955130000 pid=4949 execve guuid=ab84dd0c-1f00-0000-eec3-1a5957130000 pid=4951 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=ab84dd0c-1f00-0000-eec3-1a5957130000 pid=4951 execve guuid=c84a720e-1f00-0000-eec3-1a5959130000 pid=4953 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=c84a720e-1f00-0000-eec3-1a5959130000 pid=4953 execve guuid=6ba30b10-1f00-0000-eec3-1a595b130000 pid=4955 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=6ba30b10-1f00-0000-eec3-1a595b130000 pid=4955 execve guuid=4b1c2d3c-2000-0000-eec3-1a595d130000 pid=4957 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=4b1c2d3c-2000-0000-eec3-1a595d130000 pid=4957 execve guuid=b5dce140-2000-0000-eec3-1a595f130000 pid=4959 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=b5dce140-2000-0000-eec3-1a595f130000 pid=4959 execve guuid=76046042-2000-0000-eec3-1a5961130000 pid=4961 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=76046042-2000-0000-eec3-1a5961130000 pid=4961 execve guuid=0a99fe43-2000-0000-eec3-1a5963130000 pid=4963 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=0a99fe43-2000-0000-eec3-1a5963130000 pid=4963 execve guuid=4e12a245-2000-0000-eec3-1a5965130000 pid=4965 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=4e12a245-2000-0000-eec3-1a5965130000 pid=4965 execve guuid=f7ef4747-2000-0000-eec3-1a5967130000 pid=4967 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=f7ef4747-2000-0000-eec3-1a5967130000 pid=4967 execve guuid=a62ff748-2000-0000-eec3-1a5969130000 pid=4969 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=a62ff748-2000-0000-eec3-1a5969130000 pid=4969 execve guuid=75d6a44a-2000-0000-eec3-1a596b130000 pid=4971 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=75d6a44a-2000-0000-eec3-1a596b130000 pid=4971 execve guuid=e5cc534c-2000-0000-eec3-1a596d130000 pid=4973 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e5cc534c-2000-0000-eec3-1a596d130000 pid=4973 execve guuid=fbe38578-2100-0000-eec3-1a596f130000 pid=4975 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=fbe38578-2100-0000-eec3-1a596f130000 pid=4975 execve guuid=5e1d2d7d-2100-0000-eec3-1a5971130000 pid=4977 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=5e1d2d7d-2100-0000-eec3-1a5971130000 pid=4977 execve guuid=8e34927e-2100-0000-eec3-1a5973130000 pid=4979 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=8e34927e-2100-0000-eec3-1a5973130000 pid=4979 execve guuid=efba3380-2100-0000-eec3-1a5975130000 pid=4981 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=efba3380-2100-0000-eec3-1a5975130000 pid=4981 execve guuid=d901de81-2100-0000-eec3-1a5977130000 pid=4983 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=d901de81-2100-0000-eec3-1a5977130000 pid=4983 execve guuid=e37f9383-2100-0000-eec3-1a5979130000 pid=4985 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e37f9383-2100-0000-eec3-1a5979130000 pid=4985 execve guuid=92224185-2100-0000-eec3-1a597b130000 pid=4987 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=92224185-2100-0000-eec3-1a597b130000 pid=4987 execve guuid=d5780087-2100-0000-eec3-1a597d130000 pid=4989 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=d5780087-2100-0000-eec3-1a597d130000 pid=4989 execve guuid=2c9ba788-2100-0000-eec3-1a597f130000 pid=4991 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=2c9ba788-2100-0000-eec3-1a597f130000 pid=4991 execve guuid=7defddb4-2200-0000-eec3-1a5981130000 pid=4993 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=7defddb4-2200-0000-eec3-1a5981130000 pid=4993 execve guuid=2f89cfb8-2200-0000-eec3-1a5983130000 pid=4995 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=2f89cfb8-2200-0000-eec3-1a5983130000 pid=4995 execve guuid=db49b5b9-2200-0000-eec3-1a5985130000 pid=4997 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=db49b5b9-2200-0000-eec3-1a5985130000 pid=4997 execve guuid=b3de13bb-2200-0000-eec3-1a5987130000 pid=4999 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=b3de13bb-2200-0000-eec3-1a5987130000 pid=4999 execve guuid=ee2148bc-2200-0000-eec3-1a5989130000 pid=5001 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=ee2148bc-2200-0000-eec3-1a5989130000 pid=5001 execve guuid=e19f81bd-2200-0000-eec3-1a598b130000 pid=5003 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e19f81bd-2200-0000-eec3-1a598b130000 pid=5003 execve guuid=1e9ef0be-2200-0000-eec3-1a598d130000 pid=5005 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=1e9ef0be-2200-0000-eec3-1a598d130000 pid=5005 execve guuid=7f9920c0-2200-0000-eec3-1a598f130000 pid=5007 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=7f9920c0-2200-0000-eec3-1a598f130000 pid=5007 execve guuid=0d6a98c1-2200-0000-eec3-1a5991130000 pid=5009 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=0d6a98c1-2200-0000-eec3-1a5991130000 pid=5009 execve guuid=b60571ed-2300-0000-eec3-1a5993130000 pid=5011 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=b60571ed-2300-0000-eec3-1a5993130000 pid=5011 execve guuid=a1dc1bf2-2300-0000-eec3-1a5995130000 pid=5013 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=a1dc1bf2-2300-0000-eec3-1a5995130000 pid=5013 execve guuid=51bc89f3-2300-0000-eec3-1a5997130000 pid=5015 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=51bc89f3-2300-0000-eec3-1a5997130000 pid=5015 execve guuid=e552fcf4-2300-0000-eec3-1a5999130000 pid=5017 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e552fcf4-2300-0000-eec3-1a5999130000 pid=5017 execve guuid=558d84f6-2300-0000-eec3-1a599b130000 pid=5019 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=558d84f6-2300-0000-eec3-1a599b130000 pid=5019 execve guuid=371f49f8-2300-0000-eec3-1a599d130000 pid=5021 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=371f49f8-2300-0000-eec3-1a599d130000 pid=5021 execve guuid=5ff6faf9-2300-0000-eec3-1a599f130000 pid=5023 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=5ff6faf9-2300-0000-eec3-1a599f130000 pid=5023 execve guuid=ae1cb2fb-2300-0000-eec3-1a59a1130000 pid=5025 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=ae1cb2fb-2300-0000-eec3-1a59a1130000 pid=5025 execve guuid=e60041fd-2300-0000-eec3-1a59a3130000 pid=5027 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e60041fd-2300-0000-eec3-1a59a3130000 pid=5027 execve guuid=3d606929-2500-0000-eec3-1a59a5130000 pid=5029 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=3d606929-2500-0000-eec3-1a59a5130000 pid=5029 execve guuid=2ec5fa2d-2500-0000-eec3-1a59a7130000 pid=5031 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=2ec5fa2d-2500-0000-eec3-1a59a7130000 pid=5031 execve guuid=94eb5c2f-2500-0000-eec3-1a59a9130000 pid=5033 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=94eb5c2f-2500-0000-eec3-1a59a9130000 pid=5033 execve guuid=e413de30-2500-0000-eec3-1a59ab130000 pid=5035 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e413de30-2500-0000-eec3-1a59ab130000 pid=5035 execve guuid=91e77b32-2500-0000-eec3-1a59ad130000 pid=5037 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=91e77b32-2500-0000-eec3-1a59ad130000 pid=5037 execve guuid=39d5db33-2500-0000-eec3-1a59af130000 pid=5039 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=39d5db33-2500-0000-eec3-1a59af130000 pid=5039 execve guuid=28ad7435-2500-0000-eec3-1a59b1130000 pid=5041 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=28ad7435-2500-0000-eec3-1a59b1130000 pid=5041 execve guuid=f3daeb36-2500-0000-eec3-1a59b3130000 pid=5043 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=f3daeb36-2500-0000-eec3-1a59b3130000 pid=5043 execve guuid=e78f5238-2500-0000-eec3-1a59b5130000 pid=5045 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e78f5238-2500-0000-eec3-1a59b5130000 pid=5045 execve guuid=ad8a7264-2600-0000-eec3-1a59b7130000 pid=5047 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=ad8a7264-2600-0000-eec3-1a59b7130000 pid=5047 execve guuid=87821e67-2600-0000-eec3-1a59b9130000 pid=5049 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=87821e67-2600-0000-eec3-1a59b9130000 pid=5049 execve guuid=a3924268-2600-0000-eec3-1a59bb130000 pid=5051 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=a3924268-2600-0000-eec3-1a59bb130000 pid=5051 execve guuid=e2327469-2600-0000-eec3-1a59bd130000 pid=5053 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=e2327469-2600-0000-eec3-1a59bd130000 pid=5053 execve guuid=c88f776a-2600-0000-eec3-1a59bf130000 pid=5055 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=c88f776a-2600-0000-eec3-1a59bf130000 pid=5055 execve guuid=721ead6b-2600-0000-eec3-1a59c1130000 pid=5057 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=721ead6b-2600-0000-eec3-1a59c1130000 pid=5057 execve guuid=c057d76c-2600-0000-eec3-1a59c3130000 pid=5059 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=c057d76c-2600-0000-eec3-1a59c3130000 pid=5059 execve guuid=bbb0806e-2600-0000-eec3-1a59c5130000 pid=5061 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=bbb0806e-2600-0000-eec3-1a59c5130000 pid=5061 execve guuid=110c3370-2600-0000-eec3-1a59c7130000 pid=5063 /usr/bin/dash guuid=4f958aa5-1800-0000-eec3-1a59f70c0000 pid=3319->guuid=110c3370-2600-0000-eec3-1a59c7130000 pid=5063 execve guuid=557df3a5-1800-0000-eec3-1a59fd0c0000 pid=3325 /usr/bin/wget dns net send-data guuid=70878da5-1800-0000-eec3-1a59f80c0000 pid=3320->guuid=557df3a5-1800-0000-eec3-1a59fd0c0000 pid=3325 execve guuid=af7bf0ab-1800-0000-eec3-1a59030d0000 pid=3331 /usr/bin/chmod guuid=70878da5-1800-0000-eec3-1a59f80c0000 pid=3320->guuid=af7bf0ab-1800-0000-eec3-1a59030d0000 pid=3331 execve guuid=6f9240ac-1800-0000-eec3-1a59040d0000 pid=3332 /home/sandbox/..... guuid=70878da5-1800-0000-eec3-1a59f80c0000 pid=3320->guuid=6f9240ac-1800-0000-eec3-1a59040d0000 pid=3332 execve guuid=f4a142ad-1800-0000-eec3-1a59060d0000 pid=3334 /usr/bin/rm delete-file guuid=70878da5-1800-0000-eec3-1a59f80c0000 pid=3320->guuid=f4a142ad-1800-0000-eec3-1a59060d0000 pid=3334 execve guuid=1d80a4a5-1800-0000-eec3-1a59fb0c0000 pid=3323 /tmp/sample.bin net send-data zombie guuid=2e1c95a5-1800-0000-eec3-1a59fa0c0000 pid=3322->guuid=1d80a4a5-1800-0000-eec3-1a59fb0c0000 pid=3323 clone aa741c27-8342-57db-90e7-58fe0cd14bd8 206.123.128.67:65481 guuid=1d80a4a5-1800-0000-eec3-1a59fb0c0000 pid=3323->aa741c27-8342-57db-90e7-58fe0cd14bd8 send: 9B 4f6baed0-9587-596c-82b3-fd721afe4cc1 10.0.2.3:53 guuid=557df3a5-1800-0000-eec3-1a59fd0c0000 pid=3325->4f6baed0-9587-596c-82b3-fd721afe4cc1 send: 112B guuid=ff646bd5-1800-0000-eec3-1a59470d0000 pid=3399 /usr/bin/pgrep guuid=39ff22d5-1800-0000-eec3-1a59460d0000 pid=3398->guuid=ff646bd5-1800-0000-eec3-1a59470d0000 pid=3399 execve guuid=87b9b5d8-1800-0000-eec3-1a59530d0000 pid=3411 /usr/bin/killall guuid=414c7cd8-1800-0000-eec3-1a59510d0000 pid=3409->guuid=87b9b5d8-1800-0000-eec3-1a59530d0000 pid=3411 execve guuid=ae6a0cda-1800-0000-eec3-1a59570d0000 pid=3415 /usr/bin/killall guuid=8adabfd9-1800-0000-eec3-1a59560d0000 pid=3414->guuid=ae6a0cda-1800-0000-eec3-1a59570d0000 pid=3415 execve guuid=b2190fdb-1800-0000-eec3-1a595c0d0000 pid=3420 /usr/bin/killall guuid=14e6c1da-1800-0000-eec3-1a595a0d0000 pid=3418->guuid=b2190fdb-1800-0000-eec3-1a595c0d0000 pid=3420 execve guuid=5f3acbdc-1800-0000-eec3-1a59640d0000 pid=3428 /usr/bin/killall guuid=0fee81dc-1800-0000-eec3-1a59620d0000 pid=3426->guuid=5f3acbdc-1800-0000-eec3-1a59640d0000 pid=3428 execve guuid=94e711de-1800-0000-eec3-1a59690d0000 pid=3433 /usr/bin/killall guuid=2663e6dd-1800-0000-eec3-1a59680d0000 pid=3432->guuid=94e711de-1800-0000-eec3-1a59690d0000 pid=3433 execve guuid=d2b100df-1800-0000-eec3-1a596d0d0000 pid=3437 /usr/bin/killall guuid=b566ccde-1800-0000-eec3-1a596c0d0000 pid=3436->guuid=d2b100df-1800-0000-eec3-1a596d0d0000 pid=3437 execve guuid=de8fe8df-1800-0000-eec3-1a59710d0000 pid=3441 /usr/bin/killall guuid=cbdeb6df-1800-0000-eec3-1a59700d0000 pid=3440->guuid=de8fe8df-1800-0000-eec3-1a59710d0000 pid=3441 execve guuid=8d6ce6e0-1800-0000-eec3-1a59760d0000 pid=3446 /usr/bin/killall guuid=5313b7e0-1800-0000-eec3-1a59750d0000 pid=3445->guuid=8d6ce6e0-1800-0000-eec3-1a59760d0000 pid=3446 execve guuid=b1c9410c-1a00-0000-eec3-1a59f40f0000 pid=4084 /usr/bin/pgrep guuid=04c4140c-1a00-0000-eec3-1a59f20f0000 pid=4082->guuid=b1c9410c-1a00-0000-eec3-1a59f40f0000 pid=4084 execve guuid=f5ec9e0f-1a00-0000-eec3-1a5905100000 pid=4101 /usr/bin/killall guuid=b2565c0f-1a00-0000-eec3-1a5904100000 pid=4100->guuid=f5ec9e0f-1a00-0000-eec3-1a5905100000 pid=4101 execve guuid=88f08910-1a00-0000-eec3-1a5909100000 pid=4105 /usr/bin/killall guuid=76405010-1a00-0000-eec3-1a5908100000 pid=4104->guuid=88f08910-1a00-0000-eec3-1a5909100000 pid=4105 execve guuid=627ca811-1a00-0000-eec3-1a590f100000 pid=4111 /usr/bin/killall guuid=6efb7b11-1a00-0000-eec3-1a590d100000 pid=4109->guuid=627ca811-1a00-0000-eec3-1a590f100000 pid=4111 execve guuid=c01b8512-1a00-0000-eec3-1a5913100000 pid=4115 /usr/bin/killall guuid=7d395c12-1a00-0000-eec3-1a5912100000 pid=4114->guuid=c01b8512-1a00-0000-eec3-1a5913100000 pid=4115 execve guuid=7c3d8513-1a00-0000-eec3-1a591b100000 pid=4123 /usr/bin/killall guuid=b7465713-1a00-0000-eec3-1a591a100000 pid=4122->guuid=7c3d8513-1a00-0000-eec3-1a591b100000 pid=4123 execve guuid=6d157c14-1a00-0000-eec3-1a5921100000 pid=4129 /usr/bin/killall guuid=bfb84b14-1a00-0000-eec3-1a591f100000 pid=4127->guuid=6d157c14-1a00-0000-eec3-1a5921100000 pid=4129 execve guuid=ff5c6d15-1a00-0000-eec3-1a5927100000 pid=4135 /usr/bin/killall guuid=5be83d15-1a00-0000-eec3-1a5925100000 pid=4133->guuid=ff5c6d15-1a00-0000-eec3-1a5927100000 pid=4135 execve guuid=565a5016-1a00-0000-eec3-1a592f100000 pid=4143 /usr/bin/killall guuid=59cc2716-1a00-0000-eec3-1a592b100000 pid=4139->guuid=565a5016-1a00-0000-eec3-1a592f100000 pid=4143 execve guuid=e0369053-1b00-0000-eec3-1a5911130000 pid=4881 /usr/bin/pgrep guuid=93032053-1b00-0000-eec3-1a590f130000 pid=4879->guuid=e0369053-1b00-0000-eec3-1a5911130000 pid=4881 execve guuid=7a0b6957-1b00-0000-eec3-1a5913130000 pid=4883 /usr/bin/killall guuid=c8e93a57-1b00-0000-eec3-1a5912130000 pid=4882->guuid=7a0b6957-1b00-0000-eec3-1a5913130000 pid=4883 execve guuid=56b83d58-1b00-0000-eec3-1a5915130000 pid=4885 /usr/bin/killall guuid=0e391458-1b00-0000-eec3-1a5914130000 pid=4884->guuid=56b83d58-1b00-0000-eec3-1a5915130000 pid=4885 execve guuid=8c3f0159-1b00-0000-eec3-1a5917130000 pid=4887 /usr/bin/killall guuid=c262db58-1b00-0000-eec3-1a5916130000 pid=4886->guuid=8c3f0159-1b00-0000-eec3-1a5917130000 pid=4887 execve guuid=818ec759-1b00-0000-eec3-1a5919130000 pid=4889 /usr/bin/killall guuid=8d31a159-1b00-0000-eec3-1a5918130000 pid=4888->guuid=818ec759-1b00-0000-eec3-1a5919130000 pid=4889 execve guuid=ca4a9e5a-1b00-0000-eec3-1a591f130000 pid=4895 /usr/bin/killall guuid=e7c2705a-1b00-0000-eec3-1a591d130000 pid=4893->guuid=ca4a9e5a-1b00-0000-eec3-1a591f130000 pid=4895 execve guuid=6177a85b-1b00-0000-eec3-1a5922130000 pid=4898 /usr/bin/killall guuid=a69f7b5b-1b00-0000-eec3-1a5921130000 pid=4897->guuid=6177a85b-1b00-0000-eec3-1a5922130000 pid=4898 execve guuid=c460f45c-1b00-0000-eec3-1a5924130000 pid=4900 /usr/bin/killall guuid=33e3ba5c-1b00-0000-eec3-1a5923130000 pid=4899->guuid=c460f45c-1b00-0000-eec3-1a5924130000 pid=4900 execve guuid=0187135e-1b00-0000-eec3-1a5926130000 pid=4902 /usr/bin/killall guuid=8e1acf5d-1b00-0000-eec3-1a5925130000 pid=4901->guuid=0187135e-1b00-0000-eec3-1a5926130000 pid=4902 execve guuid=99019789-1c00-0000-eec3-1a5928130000 pid=4904 /usr/bin/pgrep guuid=7e094189-1c00-0000-eec3-1a5927130000 pid=4903->guuid=99019789-1c00-0000-eec3-1a5928130000 pid=4904 execve guuid=d0af698e-1c00-0000-eec3-1a592a130000 pid=4906 /usr/bin/killall guuid=6c0b318e-1c00-0000-eec3-1a5929130000 pid=4905->guuid=d0af698e-1c00-0000-eec3-1a592a130000 pid=4906 execve guuid=ad822c90-1c00-0000-eec3-1a592c130000 pid=4908 /usr/bin/killall guuid=881fc88f-1c00-0000-eec3-1a592b130000 pid=4907->guuid=ad822c90-1c00-0000-eec3-1a592c130000 pid=4908 execve guuid=bb151f92-1c00-0000-eec3-1a592e130000 pid=4910 /usr/bin/killall guuid=093dca91-1c00-0000-eec3-1a592d130000 pid=4909->guuid=bb151f92-1c00-0000-eec3-1a592e130000 pid=4910 execve guuid=20b2ce93-1c00-0000-eec3-1a5930130000 pid=4912 /usr/bin/killall guuid=91c57493-1c00-0000-eec3-1a592f130000 pid=4911->guuid=20b2ce93-1c00-0000-eec3-1a5930130000 pid=4912 execve guuid=c0678195-1c00-0000-eec3-1a5932130000 pid=4914 /usr/bin/killall guuid=cbfc2d95-1c00-0000-eec3-1a5931130000 pid=4913->guuid=c0678195-1c00-0000-eec3-1a5932130000 pid=4914 execve guuid=80ea3f97-1c00-0000-eec3-1a5934130000 pid=4916 /usr/bin/killall guuid=8bdce496-1c00-0000-eec3-1a5933130000 pid=4915->guuid=80ea3f97-1c00-0000-eec3-1a5934130000 pid=4916 execve guuid=f08ce998-1c00-0000-eec3-1a5936130000 pid=4918 /usr/bin/killall guuid=78519998-1c00-0000-eec3-1a5935130000 pid=4917->guuid=f08ce998-1c00-0000-eec3-1a5936130000 pid=4918 execve guuid=bace129a-1c00-0000-eec3-1a5938130000 pid=4920 /usr/bin/killall guuid=9742e299-1c00-0000-eec3-1a5937130000 pid=4919->guuid=bace129a-1c00-0000-eec3-1a5938130000 pid=4920 execve guuid=43189bc5-1d00-0000-eec3-1a593a130000 pid=4922 /usr/bin/pgrep guuid=580339c5-1d00-0000-eec3-1a5939130000 pid=4921->guuid=43189bc5-1d00-0000-eec3-1a593a130000 pid=4922 execve guuid=054c9fc9-1d00-0000-eec3-1a593c130000 pid=4924 /usr/bin/killall guuid=01ad48c9-1d00-0000-eec3-1a593b130000 pid=4923->guuid=054c9fc9-1d00-0000-eec3-1a593c130000 pid=4924 execve guuid=fb44caca-1d00-0000-eec3-1a593e130000 pid=4926 /usr/bin/killall guuid=f90891ca-1d00-0000-eec3-1a593d130000 pid=4925->guuid=fb44caca-1d00-0000-eec3-1a593e130000 pid=4926 execve guuid=4cec6dcc-1d00-0000-eec3-1a5940130000 pid=4928 /usr/bin/killall guuid=ee8102cc-1d00-0000-eec3-1a593f130000 pid=4927->guuid=4cec6dcc-1d00-0000-eec3-1a5940130000 pid=4928 execve guuid=b903c3cd-1d00-0000-eec3-1a5942130000 pid=4930 /usr/bin/killall guuid=332d70cd-1d00-0000-eec3-1a5941130000 pid=4929->guuid=b903c3cd-1d00-0000-eec3-1a5942130000 pid=4930 execve guuid=ea6f0fcf-1d00-0000-eec3-1a5944130000 pid=4932 /usr/bin/killall guuid=e6e4c0ce-1d00-0000-eec3-1a5943130000 pid=4931->guuid=ea6f0fcf-1d00-0000-eec3-1a5944130000 pid=4932 execve guuid=de16fdd0-1d00-0000-eec3-1a5946130000 pid=4934 /usr/bin/killall guuid=8d74a5d0-1d00-0000-eec3-1a5945130000 pid=4933->guuid=de16fdd0-1d00-0000-eec3-1a5946130000 pid=4934 execve guuid=13347ed2-1d00-0000-eec3-1a5948130000 pid=4936 /usr/bin/killall guuid=f3c735d2-1d00-0000-eec3-1a5947130000 pid=4935->guuid=13347ed2-1d00-0000-eec3-1a5948130000 pid=4936 execve guuid=b7f5add4-1d00-0000-eec3-1a594a130000 pid=4938 /usr/bin/killall guuid=a43d5cd4-1d00-0000-eec3-1a5949130000 pid=4937->guuid=b7f5add4-1d00-0000-eec3-1a594a130000 pid=4938 execve guuid=d52a1101-1f00-0000-eec3-1a594c130000 pid=4940 /usr/bin/pgrep guuid=a7adaa00-1f00-0000-eec3-1a594b130000 pid=4939->guuid=d52a1101-1f00-0000-eec3-1a594c130000 pid=4940 execve guuid=b68e0705-1f00-0000-eec3-1a594e130000 pid=4942 /usr/bin/killall guuid=4c90d804-1f00-0000-eec3-1a594d130000 pid=4941->guuid=b68e0705-1f00-0000-eec3-1a594e130000 pid=4942 execve guuid=c762c106-1f00-0000-eec3-1a5950130000 pid=4944 /usr/bin/killall guuid=75f06706-1f00-0000-eec3-1a594f130000 pid=4943->guuid=c762c106-1f00-0000-eec3-1a5950130000 pid=4944 execve guuid=c1652208-1f00-0000-eec3-1a5952130000 pid=4946 /usr/bin/killall guuid=da69cd07-1f00-0000-eec3-1a5951130000 pid=4945->guuid=c1652208-1f00-0000-eec3-1a5952130000 pid=4946 execve guuid=782fd209-1f00-0000-eec3-1a5954130000 pid=4948 /usr/bin/killall guuid=48f87c09-1f00-0000-eec3-1a5953130000 pid=4947->guuid=782fd209-1f00-0000-eec3-1a5954130000 pid=4948 execve guuid=172a7f0b-1f00-0000-eec3-1a5956130000 pid=4950 /usr/bin/killall guuid=d6f12a0b-1f00-0000-eec3-1a5955130000 pid=4949->guuid=172a7f0b-1f00-0000-eec3-1a5956130000 pid=4950 execve guuid=17fb2e0d-1f00-0000-eec3-1a5958130000 pid=4952 /usr/bin/killall guuid=ab84dd0c-1f00-0000-eec3-1a5957130000 pid=4951->guuid=17fb2e0d-1f00-0000-eec3-1a5958130000 pid=4952 execve guuid=e057c70e-1f00-0000-eec3-1a595a130000 pid=4954 /usr/bin/killall guuid=c84a720e-1f00-0000-eec3-1a5959130000 pid=4953->guuid=e057c70e-1f00-0000-eec3-1a595a130000 pid=4954 execve guuid=dbcf4810-1f00-0000-eec3-1a595c130000 pid=4956 /usr/bin/killall guuid=6ba30b10-1f00-0000-eec3-1a595b130000 pid=4955->guuid=dbcf4810-1f00-0000-eec3-1a595c130000 pid=4956 execve guuid=d2aa8f3c-2000-0000-eec3-1a595e130000 pid=4958 /usr/bin/pgrep guuid=4b1c2d3c-2000-0000-eec3-1a595d130000 pid=4957->guuid=d2aa8f3c-2000-0000-eec3-1a595e130000 pid=4958 execve guuid=6ce63641-2000-0000-eec3-1a5960130000 pid=4960 /usr/bin/killall guuid=b5dce140-2000-0000-eec3-1a595f130000 pid=4959->guuid=6ce63641-2000-0000-eec3-1a5960130000 pid=4960 execve guuid=8402ac42-2000-0000-eec3-1a5962130000 pid=4962 /usr/bin/killall guuid=76046042-2000-0000-eec3-1a5961130000 pid=4961->guuid=8402ac42-2000-0000-eec3-1a5962130000 pid=4962 execve guuid=23ae5544-2000-0000-eec3-1a5964130000 pid=4964 /usr/bin/killall guuid=0a99fe43-2000-0000-eec3-1a5963130000 pid=4963->guuid=23ae5544-2000-0000-eec3-1a5964130000 pid=4964 execve guuid=91e2f945-2000-0000-eec3-1a5966130000 pid=4966 /usr/bin/killall guuid=4e12a245-2000-0000-eec3-1a5965130000 pid=4965->guuid=91e2f945-2000-0000-eec3-1a5966130000 pid=4966 execve guuid=bcbaa047-2000-0000-eec3-1a5968130000 pid=4968 /usr/bin/killall guuid=f7ef4747-2000-0000-eec3-1a5967130000 pid=4967->guuid=bcbaa047-2000-0000-eec3-1a5968130000 pid=4968 execve guuid=04e44e49-2000-0000-eec3-1a596a130000 pid=4970 /usr/bin/killall guuid=a62ff748-2000-0000-eec3-1a5969130000 pid=4969->guuid=04e44e49-2000-0000-eec3-1a596a130000 pid=4970 execve guuid=fff8fc4a-2000-0000-eec3-1a596c130000 pid=4972 /usr/bin/killall guuid=75d6a44a-2000-0000-eec3-1a596b130000 pid=4971->guuid=fff8fc4a-2000-0000-eec3-1a596c130000 pid=4972 execve guuid=41a4aa4c-2000-0000-eec3-1a596e130000 pid=4974 /usr/bin/killall guuid=e5cc534c-2000-0000-eec3-1a596d130000 pid=4973->guuid=41a4aa4c-2000-0000-eec3-1a596e130000 pid=4974 execve guuid=4ac4ea78-2100-0000-eec3-1a5970130000 pid=4976 /usr/bin/pgrep guuid=fbe38578-2100-0000-eec3-1a596f130000 pid=4975->guuid=4ac4ea78-2100-0000-eec3-1a5970130000 pid=4976 execve guuid=810d7f7d-2100-0000-eec3-1a5972130000 pid=4978 /usr/bin/killall guuid=5e1d2d7d-2100-0000-eec3-1a5971130000 pid=4977->guuid=810d7f7d-2100-0000-eec3-1a5972130000 pid=4978 execve guuid=2db0d97e-2100-0000-eec3-1a5974130000 pid=4980 /usr/bin/killall guuid=8e34927e-2100-0000-eec3-1a5973130000 pid=4979->guuid=2db0d97e-2100-0000-eec3-1a5974130000 pid=4980 execve guuid=ffcb8880-2100-0000-eec3-1a5976130000 pid=4982 /usr/bin/killall guuid=efba3380-2100-0000-eec3-1a5975130000 pid=4981->guuid=ffcb8880-2100-0000-eec3-1a5976130000 pid=4982 execve guuid=812c3382-2100-0000-eec3-1a5978130000 pid=4984 /usr/bin/killall guuid=d901de81-2100-0000-eec3-1a5977130000 pid=4983->guuid=812c3382-2100-0000-eec3-1a5978130000 pid=4984 execve guuid=ced0e083-2100-0000-eec3-1a597a130000 pid=4986 /usr/bin/killall guuid=e37f9383-2100-0000-eec3-1a5979130000 pid=4985->guuid=ced0e083-2100-0000-eec3-1a597a130000 pid=4986 execve guuid=34229985-2100-0000-eec3-1a597c130000 pid=4988 /usr/bin/killall guuid=92224185-2100-0000-eec3-1a597b130000 pid=4987->guuid=34229985-2100-0000-eec3-1a597c130000 pid=4988 execve guuid=d6ed5787-2100-0000-eec3-1a597e130000 pid=4990 /usr/bin/killall guuid=d5780087-2100-0000-eec3-1a597d130000 pid=4989->guuid=d6ed5787-2100-0000-eec3-1a597e130000 pid=4990 execve guuid=a5c4f988-2100-0000-eec3-1a5980130000 pid=4992 /usr/bin/killall guuid=2c9ba788-2100-0000-eec3-1a597f130000 pid=4991->guuid=a5c4f988-2100-0000-eec3-1a5980130000 pid=4992 execve guuid=1a503fb5-2200-0000-eec3-1a5982130000 pid=4994 /usr/bin/pgrep guuid=7defddb4-2200-0000-eec3-1a5981130000 pid=4993->guuid=1a503fb5-2200-0000-eec3-1a5982130000 pid=4994 execve guuid=9168fdb8-2200-0000-eec3-1a5984130000 pid=4996 /usr/bin/killall guuid=2f89cfb8-2200-0000-eec3-1a5983130000 pid=4995->guuid=9168fdb8-2200-0000-eec3-1a5984130000 pid=4996 execve guuid=4a09e2b9-2200-0000-eec3-1a5986130000 pid=4998 /usr/bin/killall guuid=db49b5b9-2200-0000-eec3-1a5985130000 pid=4997->guuid=4a09e2b9-2200-0000-eec3-1a5986130000 pid=4998 execve guuid=19cc64bb-2200-0000-eec3-1a5988130000 pid=5000 /usr/bin/killall guuid=b3de13bb-2200-0000-eec3-1a5987130000 pid=4999->guuid=19cc64bb-2200-0000-eec3-1a5988130000 pid=5000 execve guuid=eea196bc-2200-0000-eec3-1a598a130000 pid=5002 /usr/bin/killall guuid=ee2148bc-2200-0000-eec3-1a5989130000 pid=5001->guuid=eea196bc-2200-0000-eec3-1a598a130000 pid=5002 execve guuid=9492b7bd-2200-0000-eec3-1a598c130000 pid=5004 /usr/bin/killall guuid=e19f81bd-2200-0000-eec3-1a598b130000 pid=5003->guuid=9492b7bd-2200-0000-eec3-1a598c130000 pid=5004 execve guuid=5e923bbf-2200-0000-eec3-1a598e130000 pid=5006 /usr/bin/killall guuid=1e9ef0be-2200-0000-eec3-1a598d130000 pid=5005->guuid=5e923bbf-2200-0000-eec3-1a598e130000 pid=5006 execve guuid=714658c0-2200-0000-eec3-1a5990130000 pid=5008 /usr/bin/killall guuid=7f9920c0-2200-0000-eec3-1a598f130000 pid=5007->guuid=714658c0-2200-0000-eec3-1a5990130000 pid=5008 execve guuid=a518ecc1-2200-0000-eec3-1a5992130000 pid=5010 /usr/bin/killall guuid=0d6a98c1-2200-0000-eec3-1a5991130000 pid=5009->guuid=a518ecc1-2200-0000-eec3-1a5992130000 pid=5010 execve guuid=a5bad2ed-2300-0000-eec3-1a5994130000 pid=5012 /usr/bin/pgrep guuid=b60571ed-2300-0000-eec3-1a5993130000 pid=5011->guuid=a5bad2ed-2300-0000-eec3-1a5994130000 pid=5012 execve guuid=b36275f2-2300-0000-eec3-1a5996130000 pid=5014 /usr/bin/killall guuid=a1dc1bf2-2300-0000-eec3-1a5995130000 pid=5013->guuid=b36275f2-2300-0000-eec3-1a5996130000 pid=5014 execve guuid=51eadaf3-2300-0000-eec3-1a5998130000 pid=5016 /usr/bin/killall guuid=51bc89f3-2300-0000-eec3-1a5997130000 pid=5015->guuid=51eadaf3-2300-0000-eec3-1a5998130000 pid=5016 execve guuid=512250f5-2300-0000-eec3-1a599a130000 pid=5018 /usr/bin/killall guuid=e552fcf4-2300-0000-eec3-1a5999130000 pid=5017->guuid=512250f5-2300-0000-eec3-1a599a130000 pid=5018 execve guuid=f0d3ebf6-2300-0000-eec3-1a599c130000 pid=5020 /usr/bin/killall guuid=558d84f6-2300-0000-eec3-1a599b130000 pid=5019->guuid=f0d3ebf6-2300-0000-eec3-1a599c130000 pid=5020 execve guuid=d8569cf8-2300-0000-eec3-1a599e130000 pid=5022 /usr/bin/killall guuid=371f49f8-2300-0000-eec3-1a599d130000 pid=5021->guuid=d8569cf8-2300-0000-eec3-1a599e130000 pid=5022 execve guuid=00de4bfa-2300-0000-eec3-1a59a0130000 pid=5024 /usr/bin/killall guuid=5ff6faf9-2300-0000-eec3-1a599f130000 pid=5023->guuid=00de4bfa-2300-0000-eec3-1a59a0130000 pid=5024 execve guuid=17970cfc-2300-0000-eec3-1a59a2130000 pid=5026 /usr/bin/killall guuid=ae1cb2fb-2300-0000-eec3-1a59a1130000 pid=5025->guuid=17970cfc-2300-0000-eec3-1a59a2130000 pid=5026 execve guuid=8d9e84fd-2300-0000-eec3-1a59a4130000 pid=5028 /usr/bin/killall guuid=e60041fd-2300-0000-eec3-1a59a3130000 pid=5027->guuid=8d9e84fd-2300-0000-eec3-1a59a4130000 pid=5028 execve guuid=f4dec629-2500-0000-eec3-1a59a6130000 pid=5030 /usr/bin/pgrep guuid=3d606929-2500-0000-eec3-1a59a5130000 pid=5029->guuid=f4dec629-2500-0000-eec3-1a59a6130000 pid=5030 execve guuid=9c5d252e-2500-0000-eec3-1a59a8130000 pid=5032 /usr/bin/killall guuid=2ec5fa2d-2500-0000-eec3-1a59a7130000 pid=5031->guuid=9c5d252e-2500-0000-eec3-1a59a8130000 pid=5032 execve guuid=758b972f-2500-0000-eec3-1a59aa130000 pid=5034 /usr/bin/killall guuid=94eb5c2f-2500-0000-eec3-1a59a9130000 pid=5033->guuid=758b972f-2500-0000-eec3-1a59aa130000 pid=5034 execve guuid=d9a22331-2500-0000-eec3-1a59ac130000 pid=5036 /usr/bin/killall guuid=e413de30-2500-0000-eec3-1a59ab130000 pid=5035->guuid=d9a22331-2500-0000-eec3-1a59ac130000 pid=5036 execve guuid=1a96ca32-2500-0000-eec3-1a59ae130000 pid=5038 /usr/bin/killall guuid=91e77b32-2500-0000-eec3-1a59ad130000 pid=5037->guuid=1a96ca32-2500-0000-eec3-1a59ae130000 pid=5038 execve guuid=2be32834-2500-0000-eec3-1a59b0130000 pid=5040 /usr/bin/killall guuid=39d5db33-2500-0000-eec3-1a59af130000 pid=5039->guuid=2be32834-2500-0000-eec3-1a59b0130000 pid=5040 execve guuid=152bb735-2500-0000-eec3-1a59b2130000 pid=5042 /usr/bin/killall guuid=28ad7435-2500-0000-eec3-1a59b1130000 pid=5041->guuid=152bb735-2500-0000-eec3-1a59b2130000 pid=5042 execve guuid=5a413137-2500-0000-eec3-1a59b4130000 pid=5044 /usr/bin/killall guuid=f3daeb36-2500-0000-eec3-1a59b3130000 pid=5043->guuid=5a413137-2500-0000-eec3-1a59b4130000 pid=5044 execve guuid=86f3ba38-2500-0000-eec3-1a59b6130000 pid=5046 /usr/bin/killall guuid=e78f5238-2500-0000-eec3-1a59b5130000 pid=5045->guuid=86f3ba38-2500-0000-eec3-1a59b6130000 pid=5046 execve guuid=6b70ec64-2600-0000-eec3-1a59b8130000 pid=5048 /usr/bin/pgrep guuid=ad8a7264-2600-0000-eec3-1a59b7130000 pid=5047->guuid=6b70ec64-2600-0000-eec3-1a59b8130000 pid=5048 execve guuid=139c8967-2600-0000-eec3-1a59ba130000 pid=5050 /usr/bin/killall guuid=87821e67-2600-0000-eec3-1a59b9130000 pid=5049->guuid=139c8967-2600-0000-eec3-1a59ba130000 pid=5050 execve guuid=1f3ecb68-2600-0000-eec3-1a59bc130000 pid=5052 /usr/bin/killall guuid=a3924268-2600-0000-eec3-1a59bb130000 pid=5051->guuid=1f3ecb68-2600-0000-eec3-1a59bc130000 pid=5052 execve guuid=d922c869-2600-0000-eec3-1a59be130000 pid=5054 /usr/bin/killall guuid=e2327469-2600-0000-eec3-1a59bd130000 pid=5053->guuid=d922c869-2600-0000-eec3-1a59be130000 pid=5054 execve guuid=0804d16a-2600-0000-eec3-1a59c0130000 pid=5056 /usr/bin/killall guuid=c88f776a-2600-0000-eec3-1a59bf130000 pid=5055->guuid=0804d16a-2600-0000-eec3-1a59c0130000 pid=5056 execve guuid=5c55fe6b-2600-0000-eec3-1a59c2130000 pid=5058 /usr/bin/killall guuid=721ead6b-2600-0000-eec3-1a59c1130000 pid=5057->guuid=5c55fe6b-2600-0000-eec3-1a59c2130000 pid=5058 execve guuid=0443336d-2600-0000-eec3-1a59c4130000 pid=5060 /usr/bin/killall guuid=c057d76c-2600-0000-eec3-1a59c3130000 pid=5059->guuid=0443336d-2600-0000-eec3-1a59c4130000 pid=5060 execve guuid=3fc4d86e-2600-0000-eec3-1a59c6130000 pid=5062 /usr/bin/killall guuid=bbb0806e-2600-0000-eec3-1a59c5130000 pid=5061->guuid=3fc4d86e-2600-0000-eec3-1a59c6130000 pid=5062 execve guuid=ec4d8170-2600-0000-eec3-1a59c8130000 pid=5064 /usr/bin/killall guuid=110c3370-2600-0000-eec3-1a59c7130000 pid=5063->guuid=ec4d8170-2600-0000-eec3-1a59c8130000 pid=5064 execve
Malware family:
Gafgyt
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/f8811f6d-02db-4286-aae4-8ac6789850bf
Result
Threat name:
Gafgyt, Mirai
Create hunting rule
Detection:
malicious
Classification:
spre.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1734507
Signature
Antivirus / Scanner detection for submitted sample
Connects to many ports of the same IP (likely port scanning)
Contains symbols with names commonly found in malware
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Opens /proc/net/* files useful for finding connected devices and routers
Sample tries to kill multiple processes (SIGKILL)
Suricata IDS alerts for network traffic
Terminates several processes with shell command 'killall'
Yara detected Gafgyt
Yara detected Mirai
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1734507 Sample: ssh.elf Startdate: 12/07/2025 Architecture: LINUX Score: 100 38 206.123.128.67, 52862, 52864, 52866 LEASEWEB-USA-NYC-11US United States 2->38 40 gay.energy 2->40 42 daisy.ubuntu.com 2->42 44 Suricata IDS alerts for network traffic 2->44 46 Malicious sample detected (through community Yara rule) 2->46 48 Antivirus / Scanner detection for submitted sample 2->48 50 5 other signatures 2->50 9 ssh.elf 2->9         started        signatures3 process4 signatures5 54 Opens /proc/net/* files useful for finding connected devices and routers 9->54 12 ssh.elf 9->12         started        process6 signatures7 56 Sample tries to kill multiple processes (SIGKILL) 12->56 15 ssh.elf sh 12->15         started        17 ssh.elf sh 12->17         started        19 ssh.elf sh 12->19         started        21 59 other processes 12->21 process8 process9 23 sh killall 15->23         started        26 sh killall 17->26         started        28 sh killall 19->28         started        30 sh killall 21->30         started        32 sh killall 21->32         started        34 sh killall 21->34         started        36 56 other processes 21->36 signatures10 52 Terminates several processes with shell command 'killall' 23->52
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/625e9444371bda1468375f4d8d5dbf245e0b528d34bed452a34f6fc0490a0749
Detection:
mirai
Create hunting rule
Link:
https://mwdb.cert.pl/sample/625e9444371bda1468375f4d8d5dbf245e0b528d34bed452a34f6fc0490a0749/
Verdict:
Malicious
Threat:
Linux.Backdoor.Gafgyt
Link:
https://tip.neiki.dev/file/625e9444371bda1468375f4d8d5dbf245e0b528d34bed452a34f6fc0490a0749
Threat name:
Linux.Backdoor.Gafgyt
Create hunting rule
Status:
Malicious
First seen:
2025-07-12 05:45:28 UTC
File Type:
ELF64 Little (Exe)
AV detection:
17 of 24 (70.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=mjpjirbxdpnbi2bxl5gy2xn7erpawuungs7niuvdj5x4asika5eq._file
Result
Malware family:
gafgyt
Create hunting rule
Score:
  10/10
Tags:
family:gafgyt defense_evasion discovery linux
Link:
https://tria.ge/reports/250712-gfxq4adp6t/
Behaviour
Reads runtime system information
Writes file to tmp directory
Changes its process name
Reads CPU attributes
Reads system network configuration
Enumerates running processes
Reads system routing table
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Verdict:
Malicious
Tags:
trojan gafgyt mirai Unix.Trojan.Gafgyt-6981154-0
YARA:
Linux_Trojan_Gafgyt_28a2fe0c Linux_Trojan_Gafgyt_a6a2adb9 Linux_Trojan_Gafgyt_9e9530a7 Linux_Trojan_Gafgyt_f3d83a74 Linux_Trojan_Gafgyt_807911a2 Linux_Trojan_Gafgyt_e0673a90 Linux_Trojan_Gafgyt_a0a4de11 Linux_Trojan_Gafgyt_d4227dbf Linux_Trojan_Gafgyt_09c3070e Linux_Trojan_Gafgyt_46eec778 Linux_Trojan_Gafgyt_d996d335 Linux_Trojan_Gafgyt_d0c57a2e Linux_Trojan_Gafgyt_656bf077 Linux_Trojan_Gafgyt_620087b9 Linux_Trojan_Gafgyt_dd0d6173 Linux_Trojan_Gafgyt_779e142f Linux_Trojan_Gafgyt_cf84c9f2 Linux_Trojan_Gafgyt_0cd591cd Linux_Trojan_Gafgyt_33b4111a Linux_Trojan_Gafgyt_862c4e0e Linux_Trojan_Gafgyt_32eb0c81 Linux_Trojan_Gafgyt_a33a8363 Linux_Trojan_Mirai_3fe3c668 Linux_Trojan_Mirai_637f2c04 elf_bashlite_auto Linux_Gafgyt_May_2024
Link:
https://app.threat.zone/submission/341e8074-f88f-4c4a-9ec8-3a3f607cdebd
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/625e9444371bda1468375f4d8d5dbf245e0b528d34bed452a34f6fc0490a0749

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:botnet_plaintext_c2
Create hunting rule
Author:cip
Description:Attempts to match at least some of the strings used in some botnet variants which use plaintext communication protocols.
Rule name:elf_bashlite_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects elf.bashlite.
Rule name:Linux_Gafgyt_Generic
Create hunting rule
Author:albertzsigovits
Description:Generic Approach to Mirai/Gafgyt samples
Rule name:Linux_Trojan_Gafgyt_09c3070e
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_0cd591cd
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_28a2fe0c
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_32eb0c81
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_33b4111a
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_46eec778
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_620087b9
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_656bf077
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_779e142f
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_807911a2
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_862c4e0e
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_9e9530a7
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_a0a4de11
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_a33a8363
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_a6a2adb9
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_cf84c9f2
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_d0c57a2e
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_d4227dbf
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_d996d335
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_dd0d6173
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_e0673a90
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Gafgyt_f3d83a74
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_3fe3c668
Create hunting rule
Author:Elastic Security
Rule name:Linux_Trojan_Mirai_637f2c04
Create hunting rule
Author:Elastic Security
Rule name:Mal_LNX_Gafgyt_Botnet_ELF
Create hunting rule
Author:Phatcharadol Thangplub
Description:Use to detect Gafgyt botnet, and there variants.
Rule name:setsockopt
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for setsockopt() red flags
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

elf 625e9444371bda1468375f4d8d5dbf245e0b528d34bed452a34f6fc0490a0749

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3576535/
  
Delivery method
Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_PIEMissing Position-Independent Executable (PIE) Protectionhigh

Comments