MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e031de762e54fe17c46c8a1936eba20787368ad79f046d762542ca487d7ec3d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat: unknown
Vendor detections: 4



SHA256 hash: e031de762e54fe17c46c8a1936eba20787368ad79f046d762542ca487d7ec3d2
SHA3-384 hash: e6cb1ae8fed9e4594c002c8c7d5231127bc8c4b446b0814eed29b42473b176a7cb48ebd3727d2df1d78cb5a54d169fca
SHA1 hash: 314aa63b9cc2e2f8454787aa1e7c7855aeb2720a
MD5 hash: 6d9e170a96deeee4cab94fff043de2c3
humanhash: vegan-fifteen-juliet-winter
File name: WSW0
File size: 266 bytes
First seen: 2026-07-03 07:38:41 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hTGwn/7QuYPXZpAulNXYq9DG+NjVsNXYrkJ:VG0TR4Piq9DGmKi2
TLSH: T1EED0A7F36573527860966455F1DA7F00B450877E8C86863CB92720792E4434AF5C46A4
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh

Associated URL (table columns: URL, Malware sample (SHA256 hash), Signature, Tags; only the URL is populated here):
http://216.107.139.197/n/an/an/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 51
Origin country: DE
Vendor Threat Intelligence
No detections
Status: terminated
Behavior Graph (process tree recovered from the graph export; internal node ids omitted):

/usr/bin/sudo (pid 2925)
  execve -> /tmp/sample.bin (pid 2932), the submitted script
    repeated cycles of:
      execve -> /usr/bin/rm
      execve -> /usr/bin/wget (net, send-data, write-file): connects to 216.107.139.197:80 and sends 134 B
      execve -> /usr/bin/chmod
      clone  -> /usr/bin/dash
    execve -> /tmp/HKBB (pid 3134)
      clone -> /tmp/HKBB (pid 3135; net, send-data, write-file; zombie)
        connects to 2000:::0
        sends 495 B to 10.0.2.3:53
        sends 495 B to 127.0.0.1:53
        execve -> /usr/bin/uname (pid 3142)
    execve -> /tmp/BJXD (pid 3181)
      clone -> /tmp/BJXD (pid 3182; zombie)
    final run of execve -> /usr/bin/rm (delete-file), pids 3740 through 3777
Result
Malware family: n/a
Score: 7/10
Tags: antivm credential_access defense_evasion linux
Behaviour
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
OS Credential Dumping
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: sh e031de762e54fe17c46c8a1936eba20787368ad79f046d762542ca487d7ec3d2 (this sample)

Delivery method: Distributed via web download

Comments