MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9cadf4dcc03be8d8dd7d1aef31b4ceeafba92e7977886ee62b06d73c332bb432. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 5



SHA256 hash: 9cadf4dcc03be8d8dd7d1aef31b4ceeafba92e7977886ee62b06d73c332bb432
SHA3-384 hash: 102d3dafa643f1061b0f1bf199265649e9126698398dd8b79ae07e547238d7192089cb21d677fc6fb90c183167046adf
SHA1 hash: c8c064442f4c3ad68ce03ec458cb668645ef84d8
MD5 hash: ca843e6f9995e0079f63768f4cc7d89d
humanhash: spring-white-king-hamper
File name: huh.sh
File size: 3'066 bytes
First seen: 2025-11-07 06:26:20 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:U1yIyn02Bs1yaMyazvf2Bs1y9NKy9z4f2Bs1ycyjM2Bs1y9ySl2Bs1yjMyjzqf2G:UiJWpQzv+Wyjz4+WixWYAWAdzq+WwqWU
TLSH: T1BE5185C6033288796CA7DE57FDB5EE1632DA419199E15F01A4FC74FC60CEE287888653
Magika: csv
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 32
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: unix shell
First seen: 2025-11-07T11:11:00Z UTC
Last seen: 2025-11-08T10:35:00Z UTC
Hits: ~10
Status: terminated
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-07 06:01:39 UTC
File Type: Text (Shell)
AV detection: 19 of 38 (50.00%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
