MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b17eeecbaf37d56aaa2ea01f57a214cca6a42ccd8efc3c7cc8033418ce06b97f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 9



SHA256 hash: b17eeecbaf37d56aaa2ea01f57a214cca6a42ccd8efc3c7cc8033418ce06b97f
SHA3-384 hash: daff6410c6f288a4ffa508d4371fb03055c79ec22ae2d7c6530bdb8f772e669c90e400b14166d0926bba49c9256ba259
SHA1 hash: 7de674fe81868f0d90e83adf4dd0adae988a48e3
MD5 hash: c87c29edca1a82e09b16604a8b157d7d
humanhash: sodium-black-speaker-utah
File name: dvr.sh
Signature Mirai
File size: 3'392 bytes
First seen: 2025-12-21 09:31:59 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 48:v0ks1ks7IjksQks7ksQkspksFBLksaksbksOkscfksTksHksZksR:v1sCsvs5sAs5sOsMsLsgsXszs4sEs+sR
TLSH T18D61848A1115E7392E67C72273B745D972E0E1EAA1C39E4760C878F3A44CD4364A1EDB
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 42
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2025-12-21T07:14:00Z UTC
Last seen: 2025-12-22T17:07:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p, HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.a
Status: terminated
Behavior Graph:
Threat name: Linux.Downloader.Morila
Status: Malicious
First seen: 2025-12-21 09:33:26 UTC
File Type: Text (Shell)
AV detection: 17 of 24 (70.83%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai antivm botnet credential_access defense_evasion discovery linux
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Checks CPU configuration
Reads system network configuration
Reads process memory
Creates a large amount of network flows
Enumerates active TCP sockets
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (12510) amount of remote hosts
Mirai
Mirai family
Malware Config
C2 Extraction: katana.chernobyl.network
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh b17eeecbaf37d56aaa2ea01f57a214cca6a42ccd8efc3c7cc8033418ce06b97f

(this sample)

  
Delivery method: Distributed via web download

Comments