MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8a9d9d3e4fd81614dd7895f09072520e7600b38c738293ce45321fec0fc43dc4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: 8a9d9d3e4fd81614dd7895f09072520e7600b38c738293ce45321fec0fc43dc4
SHA3-384 hash: a8e1264ef59d678334a034ed4c460af41d051c26bab343f00362afadb76847457309be842fb9c278a17b57c00ce4747a
SHA1 hash: 1e1eac7d3964c63566829bec6e6b9c5e37857b72
MD5 hash: 58baae9122e1c82906840954a573f1c1
humanhash: carolina-low-uncle-queen
File name: lil
File size: 844 bytes
First seen: 2026-07-02 18:36:40 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 24:kXCKysE2hi0ziQvZoha3u1AOfj36erRqj2+X:e9Qp+Mse1Tfj39dqj2+X
TLSH: T1E70163CAC5005E1041ADDA5D26975568F861C3CF165B4FA8FF9C6D39EB58C04B066F88
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 88
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: downloader evasive mirai
Verdict: Malicious
File Type: unix shell
First seen: 2026-07-02T15:46:00Z UTC
Last seen: 2026-07-04T10:06:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-07-02 18:37:43 UTC
File Type: Text (Shell)
AV detection: 8 of 23 (34.78%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery linux
Behaviour: Reads runtime system information
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 8a9d9d3e4fd81614dd7895f09072520e7600b38c738293ce45321fec0fc43dc4

(this sample)

  
Delivery method: Distributed via web download
