MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cd8854cd185ccd37c4b95c87bf33f8bd687b841fa4d29893f9f7a747703cdcea. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5

SHA256 hash: cd8854cd185ccd37c4b95c87bf33f8bd687b841fa4d29893f9f7a747703cdcea
SHA3-384 hash: 9a50cdbc41a4efa31ef61af37ad5a80786e297aebbe26ff99c1e4f47784ebbc5c032073e925e89fb9228a83b9500b014
SHA1 hash: 444eba5fc448ec81184a524d0b309261342ada5d
MD5 hash: 3a2691b3189da909613bb837e94734b6
humanhash: illinois-kansas-william-mountain
File name: bins.sh
File size: 290 bytes
First seen: 2026-05-30 19:01:46 UTC
Last seen: 2026-05-31 05:00:40 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hdaycKT40eTBDgIWEMGzBqlQXZRlEafaqUZtL57bNwb:Xai4TBUlGzYlEBC3THGb
TLSH: T15AD02B45106336957A435F117939ABC076016C25A620092ED3A9BB134DBDF41370D871
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 56
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-05-30T16:17:00Z UTC
Last seen: 2026-05-31T22:33:00Z UTC
Hits: ~10
Detections: Trojan-Downloader.Shell.Agent.bi, HEUR:Trojan-Downloader.Shell.Mirai.a
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Dakkatoni
Status: Malicious
First seen: 2026-05-30 19:02:45 UTC
File Type: Text (Shell)
AV detection: 13 of 24 (54.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: defense_evasion discovery linux
Behaviour:
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Reads system network configuration
Enumerates active TCP sockets
Enumerates running processes
File and Directory Permissions Modification
Deletes itself
Executes dropped EXE
Modifies Watchdog functionality
Contacts a large (22409) amount of remote hosts
Creates a large amount of network flows
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
sh cd8854cd185ccd37c4b95c87bf33f8bd687b841fa4d29893f9f7a747703cdcea (this sample)

Delivery method: Distributed via web download

Comments