MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8b5d5b7d29590f6700afe2300561b4d62466038a000c5f328b93ce2129a21a82. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 8b5d5b7d29590f6700afe2300561b4d62466038a000c5f328b93ce2129a21a82
SHA3-384 hash: 618aecb107f13fa69b10177316b6a922a1eb030ddd23d149ed19343cb4e04fbd5d861b0fb116230e884f1945bfbfb03e
SHA1 hash: c310f9c5cfa97f306e154b39e1693e4c8e3b2063
MD5 hash: ae0eb577e5d6551d153d35257fa88bdd
humanhash: uranus-lithium-oxygen-two
File name: ohshit.sh
Signature: Mirai
File size: 2'940 bytes
First seen: 2026-01-31 16:27:11 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vn/7K/7N7hn/t/6Gn/gV/zPn/d/KWn/r/oUn/7r/7o7Un/fc/3bn/a/9Rn/P/cg3:vn/7K/7N7hn/t/6Gn/gV/zPn/d/KWn/h
TLSH: T1A1518989A1444C303CAB6E13E7F6813C388195676CF5FF99DEE4B5E4494EE1871847A3
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-01-28T22:20:00Z UTC
Last seen: 2026-02-01T04:02:00Z UTC
Hits: ~100
Detections: HEUR:Trojan-Downloader.Shell.Agent.p, HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-01-29 02:15:54 UTC
File Type: Text (Shell)
AV detection: 24 of 37 (64.86%)
Threat level: 3/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.