MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bccabc4c81f9fba1e816e1e2dc52dcf4c226c19716c28bf4a2efc73d04bd8a71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: bccabc4c81f9fba1e816e1e2dc52dcf4c226c19716c28bf4a2efc73d04bd8a71
SHA3-384 hash: 736cf3d8650049509cfc10b65cb500b1d21b8d94927062881ed79cd405c94c1f419dcb1259ed9bc92f545aa0603556a5
SHA1 hash: 0238f2f3d7650ce1b1e052cb8415d5ca5afa6f6c
MD5 hash: 63407025215894cbbf9a6a09c69672b9
humanhash: one-hawaii-bluebird-william
File name: WSW0
File size: 266 bytes
First seen: 2026-07-02 14:11:52 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hTWqKe7xdvGbxvjnk5AulNXYq9DG+NjVsNXYrkJ:VzKeTGBw5Piq9DGmKi2
TLSH: T1FDD02E926223067020222840F0E76800B540576F8C58C11CBAC320200F0164AF98229C
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://216.107.139.197/n/an/an/a | | |

Intelligence


File Origin
# of uploads: 1
# of downloads: 65
Origin country: DE
Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: downloader

Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph: [rendered process graph; only the nodes and edges listed in it are recoverable as text]
  /usr/bin/sudo (pid 5166) --execve--> /tmp/sample.bin (pid 5167)
  /tmp/sample.bin (pid 5167) repeatedly execve's /usr/bin/rm, /usr/bin/wget (net, send-data, write-file) and /usr/bin/chmod, and clones /usr/bin/dash
  each /usr/bin/wget process (pids 5169, 5174, 5179, 5191, 5196, 5201, 5206, 5212, 5217, 5222, 5227, 5238, 5251, 5267, 5279, 5284) sends 134 B to 216.107.139.197:80
  /tmp/sample.bin (pid 5167) --execve--> /tmp/MZXT (pid 5188) --clone--> /tmp/MZXT (pid 5189; net, send-data, write-file, zombie)
  /tmp/MZXT (pid 5189) connects to 2000:::0, sends 495 B to 10.0.2.3:53 and 495 B to 127.0.0.1:53, and execve's /usr/bin/uname (pid 5207)
  /tmp/sample.bin (pid 5167) --execve--> /tmp/MLKE (pid 5198) --clone--> /tmp/MLKE (pid 5199; zombie)
  /tmp/sample.bin (pid 5167) finally execve's a run of /usr/bin/rm (delete-file) processes, pids 5288 through 5304
Threat name: Script-Shell.Downloader.Bash
Status: Malicious
First seen: 2026-07-02 14:12:46 UTC
File Type: Text (Shell)
AV detection: 11 of 36 (30.56%)
Threat level: 3/5

Result
Malware family: n/a
Score: 7/10
Tags: antivm credential_access defense_evasion linux
Behaviour:
  Writes file to tmp directory
  Checks CPU configuration
  File and Directory Permissions Modification
  Executes dropped EXE
  OS Credential Dumping
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
Web download: sh bccabc4c81f9fba1e816e1e2dc52dcf4c226c19716c28bf4a2efc73d04bd8a71 (this sample)

Comments