MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 862983e55f8be580463b19aed7c0bb24a846c127376e01965f4a2e93c18ae235. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 7



SHA256 hash: 862983e55f8be580463b19aed7c0bb24a846c127376e01965f4a2e93c18ae235
SHA3-384 hash: 3fe2af6d3ac3d1f5d89a44b9335799bf226f789e3cf02f3b3bb9635264d680c2c1546e9b8dfbefc88e82eaea7f3c0b6b
SHA1 hash: 06a34556821f563381f0164b2b2e260c0c13e5e4
MD5 hash: 48bc982b3a99adc38fd9aa0ffaaa984f
humanhash: leopard-fanta-single-don
File name: 0x83911d24Fx.sh
File size: 2'457 bytes
First seen: 2025-06-28 08:53:39 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:q0FWj8cPFKX0F/ZhBxCMFKX0FliIpYFKX0FyUeFKX0FvLBHJFKX0Fji78FsFKX0Z:v0/LXCWllEMZjH2z/I1Co2+4fj
TLSH: T1605190C63293C73A3C61942B71E6007CF298949954C97F61FBF87CE8928CD4831D9AA3
Magika: shell
Reporter: abuse_ch
Tags: sh
URL                                      Malware sample (SHA256 hash)   Signature   Tags
http://45.125.66.90/LjEZs/uYtea.x86      n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.mips     n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.mpsl     n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.arm      n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.arm5     n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.arm6     n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.arm7     n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.ppc      n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.m68k     n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.sh4      n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.spc      n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.arc      n/a                            n/a         censys elf ua-wget
http://45.125.66.90/LjEZs/uYtea.x86_64   n/a                            n/a         censys elf ua-wget

Intelligence

File Origin
# of uploads: 1
# of downloads: 68
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 92.5%
Tags: downloader trojan agent
Status: terminated
Behavior Graph: (rendered process graph; summarized here from the extracted node and edge listing) /usr/bin/sudo (pid 4097) executes /tmp/sample.bin (pid 4108). The sample then runs 13 identical rounds, each of which execve's /usr/bin/wget (net, send-data), /usr/bin/curl (net, send-data, write-file), /usr/bin/cat and /usr/bin/chmod, and clones /usr/bin/bash. Every wget and curl process sends a single small request (91 to 145 bytes) to 45.125.66.90:80.
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-06-28 08:54:26 UTC
File Type: Text (Shell)
AV detection: 23 of 37 (62.16%)
Threat level: 3/5

Result
Malware family: n/a
Score: 7/10
Tags: antivm defense_evasion discovery linux

Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh 862983e55f8be580463b19aed7c0bb24a846c127376e01965f4a2e93c18ae235 (this sample)
Delivery method: Distributed via web download

Comments