MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d5ecab0f13eb33cf39c40cd671c78a44f20d619d52abf26da31fc86f1dac738c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: d5ecab0f13eb33cf39c40cd671c78a44f20d619d52abf26da31fc86f1dac738c
SHA3-384 hash: 38decd3d513bc091b858d0e9d553295fb919c6e158d0a3fb55a3707c0c37e7f9cd75db2147608e4a8ee7225ae269ff6a
SHA1 hash: 2792659ebe971210c7d166c6fec3b26d7f9cd65f
MD5 hash: 4bcfcebb2b7bc24efd72c278727f9867
humanhash: network-hotel-ink-golf
File name: dl600
File size: 8'012 bytes
First seen: 2026-06-13 12:09:02 UTC
Last seen: 2026-06-25 16:48:25 UTC
File type: sh
MIME type: text/plain
ssdeep: 96:l6InWckW7E9WUv48wYWO5aDB4RTmRXs31mWOJnLwhzim7sHuezcCW3DGAgfaka9i:py4d228XOIGLQy
TLSH: T146F193CD03D642305841760F35D66F18A89857E1ACF34F9AB8CDEEEA1924E55F528F09
Magika: batch
Reporter: Blackdome
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 4
# of downloads: 19
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox
Verdict: Malicious
File Type: unix shell
First seen: 2026-06-13T08:54:00Z UTC
Last seen: 2026-06-15T00:48:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2026-06-13 14:49:56 UTC
File Type: Text (Shell)
AV detection: 11 of 23 (47.83%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Author: Anish Bogati
Description: Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference: MalwareBazaar sample lilin.sh

File information


The table below shows additional information about this malware sample such as delivery method and external references.

sh d5ecab0f13eb33cf39c40cd671c78a44f20d619d52abf26da31fc86f1dac738c

(this sample)
