MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6473ff099675cd5a7468f1f4bff1d22a3769f6a6d757a91bc87442b193b57b6b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: 6473ff099675cd5a7468f1f4bff1d22a3769f6a6d757a91bc87442b193b57b6b
SHA3-384 hash: a7e1817991ac3acb1a1182c4e0c509d081d2a7ce6d98c0461d2fe8ef559db3fce04560d24c22a59f3be4fce2fe302ebd
SHA1 hash: ecdf9fc7b08e7a54bb2f5e857972cdd2f9a12bb3
MD5 hash: bb10227cd7efd0a28d5fedccb0c620cb
humanhash: muppet-pip-eighteen-lima
File name: ohshit.sh
Signature: Mirai
File size: 3'007 bytes
First seen: 2026-01-24 08:00:57 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:iO7F7N7hOQ6GOgIzPOAKWOCoUO7C7o7UOfr3bOV9ROGcgOxpVOISOOU+CO7fTOTk:iO7F7N7hOQ6GOgIzPOAKWOCoUO7C7o7w
TLSH: T19F51B08D42444D7A2D676E53EEB761683083D1B219EABF95DAC8BEF0074FD1A3140763
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 53
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox medusa mirai virus

Verdict: Malicious
File Type: unix shell
First seen: 2026-01-24T05:12:00Z UTC
Last seen: 2026-01-24T15:32:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-01-24 08:01:32 UTC
File Type: Text (Shell)
AV detection: 22 of 36 (61.11%)
Threat level: 3/5

Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Writes file to tmp directory
Reads runtime system information
System Network Configuration Discovery
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
