MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa8fdbdea3e110fd3e9d1255e2d7acbd5239175adb2db35a099391a4a988adb6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments 1

SHA256 hash:	aa8fdbdea3e110fd3e9d1255e2d7acbd5239175adb2db35a099391a4a988adb6
SHA3-384 hash:	f03b364c62ab606511542308b4f2b510fa6da0ad4da02f8eb0bd3044d021c6b06c98b80e5c85d5591e3b197a59b155c7
SHA1 hash:	85db10cdd4c6bac108db633d8f09e1dd09a6a270
MD5 hash:	76f21ed0577f7a1ed0bf28a543a623ec
humanhash:	mobile-saturn-echo-muppet
File name:	aa8fdbdea3e110fd3e9d1255e2d7acbd5239175adb2db35a099391a4a988adb6
Download:	download sample
File size:	27'367 bytes
First seen:	2026-02-21 06:05:45 UTC
Last seen:	Never
File type:
MIME type:	text/x-perl
ssdeep	384:4JjsevQ4rDp2q7wuGNqkQ2fy4U+07kL3lT:4lsevQ4rDp2q7hGNqzZo0oL3N
TLSH	T14FC2964929E3891272BBF0765BDEA019776F81C7470CCE147D6C829AAF90039D1F8AC8
TrID	50.0% (.) Unix-like shebang (var.1) (gen) (7000/1) 28.5% (.PL) Perl script (4000/1/1) 21.4% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	perl
Reporter	Skynet11
Tags:	pl

Intelligence

File Origin

# of uploads :

1

# of downloads :

91

Origin country :

AU

Vendor Threat Intelligence

No detections

Detection(s):

{HEX}perl.ircbot.UberCracker.152.UNOFFICIAL

{HEX}perl.ircbot.xdh.154.UNOFFICIAL

{HEX}perl.ircbot.putr4XtReme.127.UNOFFICIAL

{HEX}perl.ircbot.pitbull.124.UNOFFICIAL

{HEX}perl.ircbot.KcB.103.UNOFFICIAL

Sanesecurity.Malware.22767.Bot.UNOFFICIAL

Win.Trojan.Perl-35

Verdict:

Malicious

Score:

99.1%

Link:

https://cyber-fortress.com/docs/result/index.php?id=69994e2f8fffa866e3b00a8clinux22vpnfull_triage

Tags:

shellbot virus

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

perlbot shellbot shellshock

Link:

https://www.filescan.io/uploads/69994e2897feb4afd65043a3/reports/ae1ff919-5e33-4593-9fdb-e25db2d03325/overview

Verdict:

Malicious

Labled as:

Backdoor.Perl.Shellbot

Link:

https://www.hybrid-analysis.com/sample/aa8fdbdea3e110fd3e9d1255e2d7acbd5239175adb2db35a099391a4a988adb6

Result

Gathering data

Score:

99%

Verdict:

Malware

File Type:

SCRIPT

Link:

https://malprob.io/report/aa8fdbdea3e110fd3e9d1255e2d7acbd5239175adb2db35a099391a4a988adb6

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/aa8fdbdea3e110fd3e9d1255e2d7acbd5239175adb2db35a099391a4a988adb6/

Verdict:

Malicious

Threat:

Backdoor.Perl.IRCBot

Link:

https://tip.neiki.dev/file/aa8fdbdea3e110fd3e9d1255e2d7acbd5239175adb2db35a099391a4a988adb6

Gathering data

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=vkh5xxvd4eip2pu5cjk6fv5mxvjdsf223mw3gwqjsoi2jkmivw3a._file

Result

Malware family:

n/a

Score:

4/10

Tags:

discovery linux

Link:

https://tria.ge/reports/260221-g2p85sbw3e/

Behaviour

System Network Configuration Discovery

Changes its process name

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.95

Link:

https://yomi.yoroi.company/submissions/aa8fdbdea3e110fd3e9d1255e2d7acbd5239175adb2db35a099391a4a988adb6

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

aa8fdbdea3e110fd3e9d1255e2d7acbd5239175adb2db35a099391a4a988adb6

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3782134/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

commented on 2026-02-21 06:08:40 UTC

wget -O /home/ubuntu/captured_binaries/elox3 http://80.94.92.89/elox3