MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bfbb97df182a601ebfd154ccb66b1c6340493fbb79dbe77897683580af23828d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


DDoSAgent


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bfbb97df182a601ebfd154ccb66b1c6340493fbb79dbe77897683580af23828d
SHA3-384 hash: 1938cb5bbb2093493dce9bf24b3c4483a58237a9f65294ae00565bf1519d7d8e9cb7195f230eb009148110d2d43b50a6
SHA1 hash: dcb8cded18e96abee545ac55eeb9261d1880ab18
MD5 hash: 11e140110804b5816d2f2de488224839
humanhash: ack-glucose-pizza-sixteen
File name:dl20
Download: download sample
Signature DDoSAgent
Create hunting rule
File size:3'654 bytes
First seen:2025-07-20 18:59:57 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 96:ylOED8QVwQlJSXf79tLiJAYtDG/5OlnGM1f1:SZ/
TLSH T1217194D902E203005001B74F3BF57B61AEB483E5AE7B0F8AFC99D97649B0A54F124F5A
Magika shell
Reporter abuse_ch
Tags:DDOSAgent sh
URLMalware sample (SHA256 hash)SignatureTags
http://31.170.22.205/bins/whisper.armv555d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv62b4c87240aaf767982d676933e628f8bf2957c931d906a90c88ccf3a18dc55ce DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv7e97da696893a2a090ac962789c524119aacab5583df1f2074c081295a0f582e3 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.aarch6438b7cbe9ff53cec015d67d04da59bcced70fae6c7e1d15baf95abc34035cc862 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.aarch64be5b489dfd7395de9106468d7b92374c56d30af994b4ea06be6c77e98ba540cf6a DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.arcle750d6001350ab65adfd7a9e0fca7560c49fc5d8f6e96939f1bdb630599e5fb902a14 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.arclehs381a3c8f2dbd32b05b5dc1c7ebd3b5cdaaf24fb5296978e6061671edca802a41f4 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mips3d0ff85391334a8130b92bf85bb1b760f7f060508a5bfaab3ff7eb9a2ca53b0a DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64b8c1191781c9feb322cfcacf40f4f1d207a09af4d786e26a7455e8a36afd4a1c DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64le527a822afceebc65d8926a1dd0c3c97862f3e114db26f104797c58f45a2e609c DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.mips64len32c6a1cd7348531c4c0db50ecf21f64e444b33a3ff194ed55a467adb938ec22408 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mips64n3290676d5a951bfb339c20472a0d3ff253767268f54be520eb6410522eeba9741e DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.mipslee479f82af03dd6087f688cd398fc792a6443e362c9a36348ab53a3f6ddc591a2 DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.riscv3245ca399bc539910e391f87bb398acac0f5c47410acb0d329ea3bf82406b3c189 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.riscv6484dbcc96a5ede7cb185d06f1116aee3bbe07e85ab020e86b5d4bfa9dcc6e60e1 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.m68kc304b1825bfe337bc1801440ca0bb1cda35aa96672d60952b852a5b2e3255f06 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sh4n/an/aelf
http://31.170.22.205/bins/whisper.i6862ba541b4a6c62619d785852c86d67829118e70a52105ef37f32010aecb64784b DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.x6411742623bba0e1ca221814a36cd8239be94898c59fcc61c1328a6230a9981219 DDoSAgentDDoSAgent elf mirai opendir
http://31.170.22.205/bins/whisper.powerpc440fp197455fb6ac704dea344ee392427a842c243f6919c6886965b9586424b65e00b DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e55001033d5f5d215d7df4d05737606f8323406eaeb9c215e1308fe48e77aba6f00f4 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64e6500a97c72cdfb63586cf2bbf84c6839b38eaf7af1a474d6f5f27af0b11f7140f067 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64lepower84d5ef555aac80b752223c279e28e49de774e1a68309e426095c52690a105f313 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpc64power8e3ed9343357d6cb963060d7908aa2637165f89cf21a4eb8f7538bb2ddb79e54f DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce300c395d23e5693047c429dcf68baf9141ee074a578d08d434f6e1ae520374d0c7928 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.powerpce500mc189b5636d5a9a46a6ed38a7fdcd6b4f063fd7abc292363ff9ef7ac77852eae49 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sparc25bf2d5845b6d3497bbceeeda40ba99a78e27f8ca88ec2efb690d919b4c5b8f6 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.sparc640e7338e304ae5c960e232d80d98edb0a281d03c974ab13c6de4b0596fd0557c9 DDoSAgentDDoSAgent elf
http://31.170.22.205/bins/whisper.armv4n/an/aelf

Intelligence

File Origin
# of uploads :
1
# of downloads :
27
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
URLhaus.3462419.UNOFFICIAL
Create hunting rule

URLhaus.3462413.UNOFFICIAL
Create hunting rule

URLhaus.3462403.UNOFFICIAL
Create hunting rule

URLhaus.3462409.UNOFFICIAL
Create hunting rule

URLhaus.3462416.UNOFFICIAL
Create hunting rule

URLhaus.3462399.UNOFFICIAL
Create hunting rule

URLhaus.3462402.UNOFFICIAL
Create hunting rule

URLhaus.3447675.UNOFFICIAL
Create hunting rule

URLhaus.3447676.UNOFFICIAL
Create hunting rule

URLhaus.3447679.UNOFFICIAL
Create hunting rule

URLhaus.3462417.UNOFFICIAL
Create hunting rule

URLhaus.3462395.UNOFFICIAL
Create hunting rule

URLhaus.3447674.UNOFFICIAL
Create hunting rule

URLhaus.3462404.UNOFFICIAL
Create hunting rule

URLhaus.3462410.UNOFFICIAL
Create hunting rule

URLhaus.3462418.UNOFFICIAL
Create hunting rule

URLhaus.3462407.UNOFFICIAL
Create hunting rule

URLhaus.3462397.UNOFFICIAL
Create hunting rule

URLhaus.3447677.UNOFFICIAL
Create hunting rule

URLhaus.3462398.UNOFFICIAL
Create hunting rule

URLhaus.3462400.UNOFFICIAL
Create hunting rule

URLhaus.3462415.UNOFFICIAL
Create hunting rule

URLhaus.3462406.UNOFFICIAL
Create hunting rule

URLhaus.3462405.UNOFFICIAL
Create hunting rule

URLhaus.3462401.UNOFFICIAL
Create hunting rule

URLhaus.3462396.UNOFFICIAL
Create hunting rule

URLhaus.3462412.UNOFFICIAL
Create hunting rule

URLhaus.3462408.UNOFFICIAL
Create hunting rule

URLhaus.3462414.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/687d3cd37bc45bdee1b26a3a/reports/e4e651c5-0976-4fea-b2db-6cbf856ea7fe/overview
Verdict:
Malicious
Labled as:
Bash.MiraiA.Generic
Link:
https://www.hybrid-analysis.com/sample/bfbb97df182a601ebfd154ccb66b1c6340493fbb79dbe77897683580af23828d
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/84da7523-4b12-40e6-9b31-d101fae6c9b2
Behavior Graph:
Download SVG
%3 guuid=45508f26-1800-0000-ef90-627cbb060000 pid=1723 /usr/bin/sudo guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726 /tmp/sample.bin guuid=45508f26-1800-0000-ef90-627cbb060000 pid=1723->guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726 execve guuid=db8a7029-1800-0000-ef90-627cc0060000 pid=1728 /usr/bin/rm guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=db8a7029-1800-0000-ef90-627cc0060000 pid=1728 execve guuid=b04cb429-1800-0000-ef90-627cc1060000 pid=1729 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=b04cb429-1800-0000-ef90-627cc1060000 pid=1729 execve guuid=57b3f936-1800-0000-ef90-627ce5060000 pid=1765 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=57b3f936-1800-0000-ef90-627ce5060000 pid=1765 execve guuid=130e4837-1800-0000-ef90-627ce7060000 pid=1767 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=130e4837-1800-0000-ef90-627ce7060000 pid=1767 clone guuid=6609e437-1800-0000-ef90-627cea060000 pid=1770 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=6609e437-1800-0000-ef90-627cea060000 pid=1770 execve guuid=b7993538-1800-0000-ef90-627cec060000 pid=1772 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=b7993538-1800-0000-ef90-627cec060000 pid=1772 execve guuid=f706b643-1800-0000-ef90-627c03070000 pid=1795 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=f706b643-1800-0000-ef90-627c03070000 pid=1795 execve guuid=5e750644-1800-0000-ef90-627c04070000 pid=1796 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=5e750644-1800-0000-ef90-627c04070000 pid=1796 clone guuid=cabdeb44-1800-0000-ef90-627c06070000 pid=1798 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=cabdeb44-1800-0000-ef90-627c06070000 pid=1798 execve guuid=e8384645-1800-0000-ef90-627c08070000 pid=1800 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=e8384645-1800-0000-ef90-627c08070000 pid=1800 execve guuid=acc24e51-1800-0000-ef90-627c23070000 pid=1827 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=acc24e51-1800-0000-ef90-627c23070000 pid=1827 execve guuid=f0ab8e51-1800-0000-ef90-627c25070000 pid=1829 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=f0ab8e51-1800-0000-ef90-627c25070000 pid=1829 clone guuid=2f7d0a52-1800-0000-ef90-627c27070000 pid=1831 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=2f7d0a52-1800-0000-ef90-627c27070000 pid=1831 execve guuid=778e4752-1800-0000-ef90-627c29070000 pid=1833 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=778e4752-1800-0000-ef90-627c29070000 pid=1833 execve guuid=646eaa60-1800-0000-ef90-627c47070000 pid=1863 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=646eaa60-1800-0000-ef90-627c47070000 pid=1863 execve guuid=d64aec60-1800-0000-ef90-627c49070000 pid=1865 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=d64aec60-1800-0000-ef90-627c49070000 pid=1865 clone guuid=e7b5d061-1800-0000-ef90-627c4e070000 pid=1870 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=e7b5d061-1800-0000-ef90-627c4e070000 pid=1870 execve guuid=aa151062-1800-0000-ef90-627c50070000 pid=1872 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=aa151062-1800-0000-ef90-627c50070000 pid=1872 execve guuid=e7a23570-1800-0000-ef90-627c6c070000 pid=1900 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=e7a23570-1800-0000-ef90-627c6c070000 pid=1900 execve guuid=a8c87270-1800-0000-ef90-627c6e070000 pid=1902 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=a8c87270-1800-0000-ef90-627c6e070000 pid=1902 clone guuid=5e59f670-1800-0000-ef90-627c71070000 pid=1905 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=5e59f670-1800-0000-ef90-627c71070000 pid=1905 execve guuid=6aba3371-1800-0000-ef90-627c72070000 pid=1906 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=6aba3371-1800-0000-ef90-627c72070000 pid=1906 execve guuid=c2821c7d-1800-0000-ef90-627c8e070000 pid=1934 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=c2821c7d-1800-0000-ef90-627c8e070000 pid=1934 execve guuid=30e7997d-1800-0000-ef90-627c90070000 pid=1936 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=30e7997d-1800-0000-ef90-627c90070000 pid=1936 clone guuid=682e597e-1800-0000-ef90-627c95070000 pid=1941 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=682e597e-1800-0000-ef90-627c95070000 pid=1941 execve guuid=ed759f7e-1800-0000-ef90-627c96070000 pid=1942 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=ed759f7e-1800-0000-ef90-627c96070000 pid=1942 execve guuid=16f0218a-1800-0000-ef90-627cab070000 pid=1963 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=16f0218a-1800-0000-ef90-627cab070000 pid=1963 execve guuid=b0545d8a-1800-0000-ef90-627cac070000 pid=1964 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=b0545d8a-1800-0000-ef90-627cac070000 pid=1964 clone guuid=b567d18a-1800-0000-ef90-627caf070000 pid=1967 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=b567d18a-1800-0000-ef90-627caf070000 pid=1967 execve guuid=bcaf248b-1800-0000-ef90-627cb2070000 pid=1970 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=bcaf248b-1800-0000-ef90-627cb2070000 pid=1970 execve guuid=6be0c79a-1800-0000-ef90-627cba070000 pid=1978 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=6be0c79a-1800-0000-ef90-627cba070000 pid=1978 execve guuid=f9a2379b-1800-0000-ef90-627cbb070000 pid=1979 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=f9a2379b-1800-0000-ef90-627cbb070000 pid=1979 clone guuid=907a219c-1800-0000-ef90-627cbe070000 pid=1982 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=907a219c-1800-0000-ef90-627cbe070000 pid=1982 execve guuid=46ea969c-1800-0000-ef90-627cbf070000 pid=1983 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=46ea969c-1800-0000-ef90-627cbf070000 pid=1983 execve guuid=a029a8b0-1800-0000-ef90-627cc8070000 pid=1992 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=a029a8b0-1800-0000-ef90-627cc8070000 pid=1992 execve guuid=5b3dffb0-1800-0000-ef90-627cc9070000 pid=1993 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=5b3dffb0-1800-0000-ef90-627cc9070000 pid=1993 clone guuid=c0b5b9b2-1800-0000-ef90-627ccb070000 pid=1995 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=c0b5b9b2-1800-0000-ef90-627ccb070000 pid=1995 execve guuid=3d530fb3-1800-0000-ef90-627ccc070000 pid=1996 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=3d530fb3-1800-0000-ef90-627ccc070000 pid=1996 execve guuid=c0d0f2cb-1800-0000-ef90-627ce6070000 pid=2022 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=c0d0f2cb-1800-0000-ef90-627ce6070000 pid=2022 execve guuid=2ed232cc-1800-0000-ef90-627ce8070000 pid=2024 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=2ed232cc-1800-0000-ef90-627ce8070000 pid=2024 clone guuid=0d22bbcc-1800-0000-ef90-627ceb070000 pid=2027 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=0d22bbcc-1800-0000-ef90-627ceb070000 pid=2027 execve guuid=47c56bcd-1800-0000-ef90-627cec070000 pid=2028 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=47c56bcd-1800-0000-ef90-627cec070000 pid=2028 execve guuid=de3c4add-1800-0000-ef90-627cf6070000 pid=2038 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=de3c4add-1800-0000-ef90-627cf6070000 pid=2038 execve guuid=8e2ea0dd-1800-0000-ef90-627cf8070000 pid=2040 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=8e2ea0dd-1800-0000-ef90-627cf8070000 pid=2040 clone guuid=32712ade-1800-0000-ef90-627cfb070000 pid=2043 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=32712ade-1800-0000-ef90-627cfb070000 pid=2043 execve guuid=63796ade-1800-0000-ef90-627cfd070000 pid=2045 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=63796ade-1800-0000-ef90-627cfd070000 pid=2045 execve guuid=3d1e70ec-1800-0000-ef90-627c0f080000 pid=2063 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=3d1e70ec-1800-0000-ef90-627c0f080000 pid=2063 execve guuid=211dccec-1800-0000-ef90-627c10080000 pid=2064 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=211dccec-1800-0000-ef90-627c10080000 pid=2064 clone guuid=5cabb8ed-1800-0000-ef90-627c13080000 pid=2067 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=5cabb8ed-1800-0000-ef90-627c13080000 pid=2067 execve guuid=a4d914ee-1800-0000-ef90-627c15080000 pid=2069 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=a4d914ee-1800-0000-ef90-627c15080000 pid=2069 execve guuid=a4623afc-1800-0000-ef90-627c32080000 pid=2098 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=a4623afc-1800-0000-ef90-627c32080000 pid=2098 execve guuid=80097dfc-1800-0000-ef90-627c34080000 pid=2100 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=80097dfc-1800-0000-ef90-627c34080000 pid=2100 clone guuid=3e2b2bfd-1800-0000-ef90-627c37080000 pid=2103 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=3e2b2bfd-1800-0000-ef90-627c37080000 pid=2103 execve guuid=7b74ecfd-1800-0000-ef90-627c38080000 pid=2104 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=7b74ecfd-1800-0000-ef90-627c38080000 pid=2104 execve guuid=cc07980c-1900-0000-ef90-627c50080000 pid=2128 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=cc07980c-1900-0000-ef90-627c50080000 pid=2128 execve guuid=32ec290d-1900-0000-ef90-627c51080000 pid=2129 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=32ec290d-1900-0000-ef90-627c51080000 pid=2129 clone guuid=2f3ac10d-1900-0000-ef90-627c53080000 pid=2131 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=2f3ac10d-1900-0000-ef90-627c53080000 pid=2131 execve guuid=b93e0b0e-1900-0000-ef90-627c55080000 pid=2133 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=b93e0b0e-1900-0000-ef90-627c55080000 pid=2133 execve guuid=9a46181c-1900-0000-ef90-627c73080000 pid=2163 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=9a46181c-1900-0000-ef90-627c73080000 pid=2163 execve guuid=69898b1c-1900-0000-ef90-627c74080000 pid=2164 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=69898b1c-1900-0000-ef90-627c74080000 pid=2164 clone guuid=236f221d-1900-0000-ef90-627c77080000 pid=2167 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=236f221d-1900-0000-ef90-627c77080000 pid=2167 execve guuid=d497611d-1900-0000-ef90-627c78080000 pid=2168 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=d497611d-1900-0000-ef90-627c78080000 pid=2168 execve guuid=ff497829-1900-0000-ef90-627c93080000 pid=2195 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=ff497829-1900-0000-ef90-627c93080000 pid=2195 execve guuid=23dbda29-1900-0000-ef90-627c95080000 pid=2197 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=23dbda29-1900-0000-ef90-627c95080000 pid=2197 clone guuid=65e3752a-1900-0000-ef90-627c99080000 pid=2201 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=65e3752a-1900-0000-ef90-627c99080000 pid=2201 execve guuid=0850cd2a-1900-0000-ef90-627c9b080000 pid=2203 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=0850cd2a-1900-0000-ef90-627c9b080000 pid=2203 execve guuid=fd0e603c-1900-0000-ef90-627ccb080000 pid=2251 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=fd0e603c-1900-0000-ef90-627ccb080000 pid=2251 execve guuid=a9a7c63c-1900-0000-ef90-627ccd080000 pid=2253 /usr/bin/dash guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=a9a7c63c-1900-0000-ef90-627ccd080000 pid=2253 clone guuid=1e67413e-1900-0000-ef90-627cd3080000 pid=2259 /usr/bin/rm delete-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=1e67413e-1900-0000-ef90-627cd3080000 pid=2259 execve guuid=a633b33e-1900-0000-ef90-627cd5080000 pid=2261 /usr/bin/wget net send-data write-file guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=a633b33e-1900-0000-ef90-627cd5080000 pid=2261 execve guuid=17256f4a-1900-0000-ef90-627cf4080000 pid=2292 /usr/bin/chmod guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=17256f4a-1900-0000-ef90-627cf4080000 pid=2292 execve guuid=899ed44a-1900-0000-ef90-627cf6080000 pid=2294 /tmp/whisper.i686 net send-data guuid=01711f29-1800-0000-ef90-627cbe060000 pid=1726->guuid=899ed44a-1900-0000-ef90-627cf6080000 pid=2294 execve 4466a7ec-d357-5dbd-9f7f-c7e61f48c387 31.170.22.205:80 guuid=b04cb429-1800-0000-ef90-627cc1060000 pid=1729->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 146B guuid=b7993538-1800-0000-ef90-627cec060000 pid=1772->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 146B guuid=e8384645-1800-0000-ef90-627c08070000 pid=1800->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 146B guuid=778e4752-1800-0000-ef90-627c29070000 pid=1833->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 148B guuid=aa151062-1800-0000-ef90-627c50070000 pid=1872->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=6aba3371-1800-0000-ef90-627c72070000 pid=1906->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=ed759f7e-1800-0000-ef90-627c96070000 pid=1942->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=bcaf248b-1800-0000-ef90-627cb2070000 pid=1970->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 145B guuid=46ea969c-1800-0000-ef90-627cbf070000 pid=1983->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 147B guuid=3d530fb3-1800-0000-ef90-627ccc070000 pid=1996->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 149B guuid=47c56bcd-1800-0000-ef90-627cec070000 pid=2028->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 152B guuid=63796ade-1800-0000-ef90-627cfd070000 pid=2045->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 150B guuid=a4d914ee-1800-0000-ef90-627c15080000 pid=2069->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 147B guuid=7b74ecfd-1800-0000-ef90-627c38080000 pid=2104->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 148B guuid=b93e0b0e-1900-0000-ef90-627c55080000 pid=2133->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 148B guuid=d497611d-1900-0000-ef90-627c78080000 pid=2168->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 145B guuid=0850cd2a-1900-0000-ef90-627c9b080000 pid=2203->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 144B guuid=a633b33e-1900-0000-ef90-627cd5080000 pid=2261->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 145B guuid=899ed44a-1900-0000-ef90-627cf6080000 pid=2294->4466a7ec-d357-5dbd-9f7f-c7e61f48c387 send: 139B
Score:
98%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/bfbb97df182a601ebfd154ccb66b1c6340493fbb79dbe77897683580af23828d
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bfbb97df182a601ebfd154ccb66b1c6340493fbb79dbe77897683580af23828d/
Threat name:
Script-Shell.Trojan.Vigorf
Create hunting rule
Status:
Malicious
First seen:
2025-07-21 01:24:00 UTC
File Type:
Text (Shell)
AV detection:
10 of 23 (43.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x65zpxyyfjqb5p6rktglm2y4mnaesp53phn6o6exna2yblzdqkgq._file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bfbb97df182a601ebfd154ccb66b1c6340493fbb79dbe77897683580af23828d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

DDoSAgent

sh bfbb97df182a601ebfd154ccb66b1c6340493fbb79dbe77897683580af23828d

(this sample)

DDoSAgent

elf 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

  
URLhaus
https://urlhaus.abuse.ch/url/3494793/
  
Delivery method
Distributed via web download
  
Dropping
MD5 2f4c13a8e22bcca551ce49a5b20245af
  
Dropping
SHA256 55d6cc5c314be3c2c988a797eeed584c7844549513e5eb9106a3a266f5c9c527

Comments