MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 acf3ee3fd34bb1c8d29664a35ea7cfc9d39bd5b678e980c57872e09ef0df0da1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 8



SHA256 hash: acf3ee3fd34bb1c8d29664a35ea7cfc9d39bd5b678e980c57872e09ef0df0da1
SHA3-384 hash: 22a3896549b42f81bfb03519497fa459e22358ca4d5aca354387e38bf04a0c2534e3a4c131151171a1025fdaf1d24591
SHA1 hash: 2dbdbdec4a59a18146819c0d9fe0d09e76e06e27
MD5 hash: a617d3cf354d4d2c7ea2295e11dcb127
humanhash: kansas-london-zulu-winter
File name: ccl
Download: download sample
File size: 307 bytes
First seen: 2026-05-22 23:28:10 UTC
Last seen: 2026-05-23 01:35:40 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:h2K6PqhwQLy4IHphUOzNXsmIqwX5TCXD7m+bg6KNXYaF:4Psy4sphD1wX5GXDqiKiaF
TLSH: T15DE0CD564973C0F64C194C60E0B33D14E21F643AEF3080246A0395736A8F10AB9694B4
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 63
Origin country: DE

Vendor Threat Intelligence
No detections
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Verdict: Malicious
File Type: unix shell
First seen: 2026-05-22T20:36:00Z UTC
Last seen: 2026-05-23T19:00:00Z UTC
Hits: ~10
Detections: Trojan-Downloader.Shell.Agent.bi
Status: terminated
Behavior Graph (process tree reconstructed from the graph data; the edge label is the syscall that started the child):

pid 3521 /usr/bin/sudo
  execve -> pid 3522 /tmp/sample.bin

Children of pid 3522, spawned in ten repeating cp -> curl -> chmod -> dash cycles (the tenth cycle has no dash), followed by the binary at /home/sandbox/gbhnj.x86_64 and a series of rm calls:
  /usr/bin/cp     (execve):                            pids 3524, 3597, 3650, 3709, 3777, 3859, 3961, 4035, 4099, 4161
  /usr/bin/curl   (execve; net, send-data, write-file): pids 3525, 3599, 3653, 3714, 3780, 3863, 3963, 4041, 4101, 4163
  /usr/bin/chmod  (execve):                            pids 3592, 3644, 3704, 3772, 3852, 3954, 4030, 4091, 4152, 4208
  /usr/bin/dash   (clone):                             pids 3593, 3646, 3705, 3774, 3854, 3958, 4032, 4094, 4156
  /home/sandbox/gbhnj.x86_64 (execve):                 pid 4211
  /usr/bin/rm     (execve; delete-file):               pids 4212, 4216, 4218, 4220, 4222, 4224, 4226, 4228, 4230, 4235

Network node 7f9d5d61-c39d-58fe-965b-ede1f12734e8 = 85.239.151.41:80; every curl process sends to it:
  pid 3525: 86B   pid 3599: 87B   pid 3653: 87B   pid 3714: 87B   pid 3780: 87B
  pid 3863: 87B   pid 3963: 87B   pid 4041: 86B   pid 4101: 86B   pid 4163: 89B
Threat name: Linux.Downloader.SAgnt
Status: Malicious
First seen: 2026-05-22 23:28:35 UTC
File Type: Text (Shell)
AV detection: 12 of 38 (31.58%)
Threat level: 3/5
Result
Malware family: n/a
Score: 9/10
Tags: antivm credential_access defense_evasion discovery linux
Behaviour:
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads process memory
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (112999) amount of remote hosts
Creates a large amount of network flows
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh acf3ee3fd34bb1c8d29664a35ea7cfc9d39bd5b678e980c57872e09ef0df0da1 (this sample)

Delivery method: Distributed via web download

Comments