MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eb4f85811554ad4c63a44e241ee6bc3fdc304fb15f7f50bf06514d84ac80383b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: eb4f85811554ad4c63a44e241ee6bc3fdc304fb15f7f50bf06514d84ac80383b
SHA3-384 hash: fd9026c547460756d562bcb82fbec18f6d080d99ab8830abcd2698d3062fc3bba9bac84c50077f5e694cb39f3ab66fce
SHA1 hash: 8fb0b7bb41d9db58bc765e4b96ee58b609f801fc
MD5 hash: a98e29b2f7afdbaa440a038190e0e551
humanhash: ack-summer-texas-pluto
File name: ohshit.sh
Signature: Mirai
File size: 2'940 bytes
First seen: 2025-08-04 22:36:06 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:vM7h7N7hMq6GMgSzPMaKWM4oUM747o7UMf73bMx9RMUcgMVpVMSSOM2+CMLfTMz+:vM7h7N7hMq6GMgSzPMaKWM4oUM747o7Q
TLSH: T19251E4C582444D302DA7AE23EBB6837C348195D21CE1EF95E9C8FEE0064EE24F269753
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 34
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-07-31 03:19:14 UTC
File Type: Text (Shell)
AV detection: 23 of 36 (63.89%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh eb4f85811554ad4c63a44e241ee6bc3fdc304fb15f7f50bf06514d84ac80383b

(this sample)

  
Delivery method: Distributed via web download
