MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ee049e30cb33ab713c24efa7dc1032f2de4d5e3b2855574c25aab0ca728ea0df. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Mirai


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ee049e30cb33ab713c24efa7dc1032f2de4d5e3b2855574c25aab0ca728ea0df
SHA3-384 hash: 83e2fd852ae1b4d412d0b361945f6c023a8dc14a0e0407666a8a8a80ae3bb90920e9693cf20e34b502ce5c69001d88c6
SHA1 hash: 9a909857161a1fe769bc2d453e4f724d0e2590d1
MD5 hash: 98201bd1e5402304e58fb238b9472dc7
humanhash: iowa-helium-mockingbird-lamp
File name:1.sh
Download: download sample
Signature Mirai
Create hunting rule
File size:3'035 bytes
First seen:2026-03-10 20:28:51 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 48:io7hmVoNnE7oQCX0oMePgoaZazvZSoafaFvjko9N39z4geDopjczoASvaLojZjzl:iKmV+E7EX0QPg1gzvZS1yFvjkWzz4ZDy
TLSH T1685197DB62A1093559627617FFB9CE3CB6C8409738EAAF04A4FC34B5568CDC87848A43
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags:mirai sh
URLMalware sample (SHA256 hash)SignatureTags
http://82.223.44.153/hiddenbin/Space.arc1bd36ccedcad1be4add977e7296eebf6e8e0c89a5cb117695989f7b90581f45f Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.x86cec5f8634be78a5ffb625c7ebf9b7692740b4391f5ad3aaf93a784daff522edf Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.x86_646e0c8cf3bcd78c90258999a8bd9cb804690c869dec30725efe2c001f3e1f326d Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.i6862b4ac7e737a9c2e22c5d10e3d9773ae52fbe7e91dd4dddc793cacee9c2d97303 Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.mipsa65a5c3f10bef050b6b77ba34256aff7b1fbb4dd424d633ef2809e453a42c660 Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.mips64n/an/aelf ua-wget
http://82.223.44.153/hiddenbin/Space.mpsl434c2c56aad4e047a0ab6ff156660869640c79f1ad6b576cbc949370fff43b26 Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.arm86e4e9c186b3f4d9f39b4b24bb3d62ba232ac6e35d162e03e9f9291bf14f63b3 Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.arm5043ab6b18ecbe610cef182efed798dd68850c048abe6b59624b6101a5ea6f772 Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.arm605f6766499af6ecb6ebe1ee4a4ae977a18d9ad68ecfd83a6ced7ea2fa9054a60 Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.arm7cdf30a2045b791d262f9e6fafd95bffc5e7290cd0ab8a64667a64c3e2d6a1b0a Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.ppc30fe8dbe6f822877e7285b66409c67c68d023869095250706384651f33849b5b Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.sparcn/an/aelf ua-wget
http://82.223.44.153/hiddenbin/Space.m68k385adb28f2f541476f4f91b70afb58f9b32744c560a932b23fb1f9b1822d752d Miraimirai opendir
http://82.223.44.153/hiddenbin/Space.sh489945f4dee2d309650797af5856d4da12f52fd7a11c2be612c4d8df12a671019 Miraimirai opendir

Intelligence

File Origin
# of uploads :
1
# of downloads :
69
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.30790.LX.BOT.UNOFFICIAL
Create hunting rule

SecuriteInfo.com.Linux.Downloader-29.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox medusa mirai obfuscated
Link:
https://www.filescan.io/uploads/69b07f19cd25bfe1dfe74295/reports/2f60d529-0a2d-468f-a764-39b506b269eb/overview
Verdict:
Malicious
File Type:
unix shell
Detections:
HEUR:Trojan-Downloader.Shell.Agent.p HEUR:Trojan-Downloader.Shell.Agent.gen HEUR:Trojan-Downloader.Shell.Agent.a
Link:
https://opentip.kaspersky.com/ee049e30cb33ab713c24efa7dc1032f2de4d5e3b2855574c25aab0ca728ea0df/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/8517dda5-080e-4e5c-ac7c-3057640510c2
Behavior Graph:
Download SVG
%3 guuid=9c285df6-1500-0000-9623-4d20880c0000 pid=3208 /usr/bin/sudo guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209 /tmp/sample.bin guuid=9c285df6-1500-0000-9623-4d20880c0000 pid=3208->guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209 execve guuid=9b1305fc-1500-0000-9623-4d208a0c0000 pid=3210 /usr/bin/cp guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=9b1305fc-1500-0000-9623-4d208a0c0000 pid=3210 execve guuid=c061a402-1600-0000-9623-4d20950c0000 pid=3221 /usr/bin/wget net send-data guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=c061a402-1600-0000-9623-4d20950c0000 pid=3221 execve guuid=37e5c909-1600-0000-9623-4d20a10c0000 pid=3233 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=37e5c909-1600-0000-9623-4d20a10c0000 pid=3233 execve guuid=63826116-1600-0000-9623-4d20b00c0000 pid=3248 /usr/bin/cat guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=63826116-1600-0000-9623-4d20b00c0000 pid=3248 execve guuid=1065c116-1600-0000-9623-4d20b10c0000 pid=3249 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=1065c116-1600-0000-9623-4d20b10c0000 pid=3249 execve guuid=b26f2017-1600-0000-9623-4d20b20c0000 pid=3250 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=b26f2017-1600-0000-9623-4d20b20c0000 pid=3250 clone guuid=71c54d17-1600-0000-9623-4d20b30c0000 pid=3251 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=71c54d17-1600-0000-9623-4d20b30c0000 pid=3251 execve guuid=29ea601f-1600-0000-9623-4d20c40c0000 pid=3268 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=29ea601f-1600-0000-9623-4d20c40c0000 pid=3268 execve guuid=ddfae52a-1600-0000-9623-4d20e20c0000 pid=3298 /usr/bin/cat guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=ddfae52a-1600-0000-9623-4d20e20c0000 pid=3298 execve guuid=c5866f2b-1600-0000-9623-4d20e30c0000 pid=3299 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=c5866f2b-1600-0000-9623-4d20e30c0000 pid=3299 execve guuid=2995032c-1600-0000-9623-4d20e40c0000 pid=3300 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=2995032c-1600-0000-9623-4d20e40c0000 pid=3300 execve guuid=89831e59-1700-0000-9623-4d20460f0000 pid=3910 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=89831e59-1700-0000-9623-4d20460f0000 pid=3910 execve guuid=b35d2561-1700-0000-9623-4d206b0f0000 pid=3947 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=b35d2561-1700-0000-9623-4d206b0f0000 pid=3947 execve guuid=19101c6a-1700-0000-9623-4d20970f0000 pid=3991 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=19101c6a-1700-0000-9623-4d20970f0000 pid=3991 clone guuid=f3f2376a-1700-0000-9623-4d20980f0000 pid=3992 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=f3f2376a-1700-0000-9623-4d20980f0000 pid=3992 execve guuid=cb60786a-1700-0000-9623-4d209a0f0000 pid=3994 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=cb60786a-1700-0000-9623-4d209a0f0000 pid=3994 execve guuid=79b8cb96-1800-0000-9623-4d20e9130000 pid=5097 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=79b8cb96-1800-0000-9623-4d20e9130000 pid=5097 execve guuid=cee0ec9f-1800-0000-9623-4d2001140000 pid=5121 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=cee0ec9f-1800-0000-9623-4d2001140000 pid=5121 execve guuid=e87750ab-1800-0000-9623-4d2023140000 pid=5155 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=e87750ab-1800-0000-9623-4d2023140000 pid=5155 clone guuid=5e7266ab-1800-0000-9623-4d2024140000 pid=5156 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=5e7266ab-1800-0000-9623-4d2024140000 pid=5156 execve guuid=089baaab-1800-0000-9623-4d2026140000 pid=5158 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=089baaab-1800-0000-9623-4d2026140000 pid=5158 execve guuid=d5c853d8-1900-0000-9623-4d2091140000 pid=5265 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=d5c853d8-1900-0000-9623-4d2091140000 pid=5265 execve guuid=010cdfe2-1900-0000-9623-4d2092140000 pid=5266 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=010cdfe2-1900-0000-9623-4d2092140000 pid=5266 execve guuid=eaafaced-1900-0000-9623-4d2093140000 pid=5267 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=eaafaced-1900-0000-9623-4d2093140000 pid=5267 clone guuid=91e1dced-1900-0000-9623-4d2094140000 pid=5268 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=91e1dced-1900-0000-9623-4d2094140000 pid=5268 execve guuid=c9915dee-1900-0000-9623-4d2095140000 pid=5269 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=c9915dee-1900-0000-9623-4d2095140000 pid=5269 execve guuid=fcc9bf1c-1b00-0000-9623-4d20d5140000 pid=5333 /usr/bin/wget net send-data guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=fcc9bf1c-1b00-0000-9623-4d20d5140000 pid=5333 execve guuid=c3006922-1b00-0000-9623-4d20d8140000 pid=5336 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=c3006922-1b00-0000-9623-4d20d8140000 pid=5336 execve guuid=9c8a6e29-1b00-0000-9623-4d20d9140000 pid=5337 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=9c8a6e29-1b00-0000-9623-4d20d9140000 pid=5337 clone guuid=3653d729-1b00-0000-9623-4d20da140000 pid=5338 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=3653d729-1b00-0000-9623-4d20da140000 pid=5338 execve guuid=88c05c2a-1b00-0000-9623-4d20db140000 pid=5339 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=88c05c2a-1b00-0000-9623-4d20db140000 pid=5339 execve guuid=465aa057-1c00-0000-9623-4d2064150000 pid=5476 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=465aa057-1c00-0000-9623-4d2064150000 pid=5476 execve guuid=e151d360-1c00-0000-9623-4d2065150000 pid=5477 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=e151d360-1c00-0000-9623-4d2065150000 pid=5477 execve guuid=bfe8196b-1c00-0000-9623-4d2066150000 pid=5478 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=bfe8196b-1c00-0000-9623-4d2066150000 pid=5478 clone guuid=b21f406b-1c00-0000-9623-4d2067150000 pid=5479 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=b21f406b-1c00-0000-9623-4d2067150000 pid=5479 execve guuid=79678c6b-1c00-0000-9623-4d2068150000 pid=5480 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=79678c6b-1c00-0000-9623-4d2068150000 pid=5480 execve guuid=e337fb97-1d00-0000-9623-4d2073150000 pid=5491 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=e337fb97-1d00-0000-9623-4d2073150000 pid=5491 execve guuid=85442ca0-1d00-0000-9623-4d2095150000 pid=5525 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=85442ca0-1d00-0000-9623-4d2095150000 pid=5525 execve guuid=318218a9-1d00-0000-9623-4d20a3150000 pid=5539 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=318218a9-1d00-0000-9623-4d20a3150000 pid=5539 clone guuid=51893ca9-1d00-0000-9623-4d20a4150000 pid=5540 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=51893ca9-1d00-0000-9623-4d20a4150000 pid=5540 execve guuid=8f7886a9-1d00-0000-9623-4d20a5150000 pid=5541 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=8f7886a9-1d00-0000-9623-4d20a5150000 pid=5541 execve guuid=d2e75bd7-1e00-0000-9623-4d20dc150000 pid=5596 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=d2e75bd7-1e00-0000-9623-4d20dc150000 pid=5596 execve guuid=e8ea55df-1e00-0000-9623-4d20dd150000 pid=5597 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=e8ea55df-1e00-0000-9623-4d20dd150000 pid=5597 execve guuid=56943ee8-1e00-0000-9623-4d20de150000 pid=5598 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=56943ee8-1e00-0000-9623-4d20de150000 pid=5598 clone guuid=6d9a6ce8-1e00-0000-9623-4d20df150000 pid=5599 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=6d9a6ce8-1e00-0000-9623-4d20df150000 pid=5599 execve guuid=aa0a01e9-1e00-0000-9623-4d20e0150000 pid=5600 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=aa0a01e9-1e00-0000-9623-4d20e0150000 pid=5600 execve guuid=31a1e116-2000-0000-9623-4d20e6150000 pid=5606 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=31a1e116-2000-0000-9623-4d20e6150000 pid=5606 execve guuid=e008231f-2000-0000-9623-4d20e7150000 pid=5607 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=e008231f-2000-0000-9623-4d20e7150000 pid=5607 execve guuid=9d4f1e29-2000-0000-9623-4d20e8150000 pid=5608 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=9d4f1e29-2000-0000-9623-4d20e8150000 pid=5608 clone guuid=757b4629-2000-0000-9623-4d20e9150000 pid=5609 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=757b4629-2000-0000-9623-4d20e9150000 pid=5609 execve guuid=347ed629-2000-0000-9623-4d20ea150000 pid=5610 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=347ed629-2000-0000-9623-4d20ea150000 pid=5610 execve guuid=cb073458-2100-0000-9623-4d20f0150000 pid=5616 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=cb073458-2100-0000-9623-4d20f0150000 pid=5616 execve guuid=6fb9c762-2100-0000-9623-4d20f1150000 pid=5617 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=6fb9c762-2100-0000-9623-4d20f1150000 pid=5617 execve guuid=86d9a06f-2100-0000-9623-4d20f2150000 pid=5618 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=86d9a06f-2100-0000-9623-4d20f2150000 pid=5618 clone guuid=b66cce6f-2100-0000-9623-4d20f3150000 pid=5619 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=b66cce6f-2100-0000-9623-4d20f3150000 pid=5619 execve guuid=af866370-2100-0000-9623-4d20f4150000 pid=5620 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=af866370-2100-0000-9623-4d20f4150000 pid=5620 execve guuid=ac8eaa9e-2200-0000-9623-4d20fa150000 pid=5626 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=ac8eaa9e-2200-0000-9623-4d20fa150000 pid=5626 execve guuid=bef0d6a6-2200-0000-9623-4d20fb150000 pid=5627 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=bef0d6a6-2200-0000-9623-4d20fb150000 pid=5627 execve guuid=196e79af-2200-0000-9623-4d20fc150000 pid=5628 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=196e79af-2200-0000-9623-4d20fc150000 pid=5628 clone guuid=778b9faf-2200-0000-9623-4d20fd150000 pid=5629 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=778b9faf-2200-0000-9623-4d20fd150000 pid=5629 execve guuid=3bb9eeaf-2200-0000-9623-4d20fe150000 pid=5630 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=3bb9eeaf-2200-0000-9623-4d20fe150000 pid=5630 execve guuid=5d3762dc-2300-0000-9623-4d200d160000 pid=5645 /usr/bin/wget net send-data guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=5d3762dc-2300-0000-9623-4d200d160000 pid=5645 execve guuid=103f0de2-2300-0000-9623-4d200e160000 pid=5646 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=103f0de2-2300-0000-9623-4d200e160000 pid=5646 execve guuid=b3bc49e8-2300-0000-9623-4d200f160000 pid=5647 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=b3bc49e8-2300-0000-9623-4d200f160000 pid=5647 clone guuid=bacc68e8-2300-0000-9623-4d2010160000 pid=5648 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=bacc68e8-2300-0000-9623-4d2010160000 pid=5648 execve guuid=baecc2e8-2300-0000-9623-4d2011160000 pid=5649 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=baecc2e8-2300-0000-9623-4d2011160000 pid=5649 clone guuid=9c1de8e8-2300-0000-9623-4d2012160000 pid=5650 /usr/bin/wget net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=9c1de8e8-2300-0000-9623-4d2012160000 pid=5650 execve guuid=af529af3-2300-0000-9623-4d201b160000 pid=5659 /usr/bin/curl net send-data write-file guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=af529af3-2300-0000-9623-4d201b160000 pid=5659 execve guuid=43ffc0fe-2300-0000-9623-4d201c160000 pid=5660 /usr/bin/bash guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=43ffc0fe-2300-0000-9623-4d201c160000 pid=5660 clone guuid=c34cd5fe-2300-0000-9623-4d201d160000 pid=5661 /usr/bin/chmod guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=c34cd5fe-2300-0000-9623-4d201d160000 pid=5661 execve guuid=2cab16ff-2300-0000-9623-4d201e160000 pid=5662 /tmp/Space net guuid=c85007fb-1500-0000-9623-4d20890c0000 pid=3209->guuid=2cab16ff-2300-0000-9623-4d201e160000 pid=5662 execve 71f0aa2d-ca86-5e26-ac9a-e7f60432059a 82.223.44.153:80 guuid=c061a402-1600-0000-9623-4d20950c0000 pid=3221->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 147B guuid=37e5c909-1600-0000-9623-4d20a10c0000 pid=3233->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 96B guuid=71c54d17-1600-0000-9623-4d20b30c0000 pid=3251->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 147B guuid=29ea601f-1600-0000-9623-4d20c40c0000 pid=3268->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 96B 8b0a01dc-0728-52c1-8024-c4ba7801b8d6 8.8.8.8:53 guuid=2995032c-1600-0000-9623-4d20e40c0000 pid=3300->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=7a64ce2c-1600-0000-9623-4d20e60c0000 pid=3302 /tmp/Space guuid=2995032c-1600-0000-9623-4d20e40c0000 pid=3300->guuid=7a64ce2c-1600-0000-9623-4d20e60c0000 pid=3302 clone guuid=3ba40c59-1700-0000-9623-4d20440f0000 pid=3908 /tmp/Space guuid=2995032c-1600-0000-9623-4d20e40c0000 pid=3300->guuid=3ba40c59-1700-0000-9623-4d20440f0000 pid=3908 clone guuid=69ca1259-1700-0000-9623-4d20450f0000 pid=3909 /tmp/Space net send-data zombie guuid=2995032c-1600-0000-9623-4d20e40c0000 pid=3300->guuid=69ca1259-1700-0000-9623-4d20450f0000 pid=3909 clone guuid=b92bd82c-1600-0000-9623-4d20e70c0000 pid=3303 /tmp/Space guuid=7a64ce2c-1600-0000-9623-4d20e60c0000 pid=3302->guuid=b92bd82c-1600-0000-9623-4d20e70c0000 pid=3303 clone guuid=a58ee22c-1600-0000-9623-4d20e80c0000 pid=3304 /tmp/Space net send-data zombie guuid=7a64ce2c-1600-0000-9623-4d20e60c0000 pid=3302->guuid=a58ee22c-1600-0000-9623-4d20e80c0000 pid=3304 clone guuid=a58ee22c-1600-0000-9623-4d20e80c0000 pid=3304->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con 9b8f721d-ac51-5686-b3c6-fc717356b9b8 82.223.44.153:3778 guuid=a58ee22c-1600-0000-9623-4d20e80c0000 pid=3304->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 10B guuid=69ca1259-1700-0000-9623-4d20450f0000 pid=3909->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=69ca1259-1700-0000-9623-4d20450f0000 pid=3909->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 448B guuid=89831e59-1700-0000-9623-4d20460f0000 pid=3910->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 150B guuid=b35d2561-1700-0000-9623-4d206b0f0000 pid=3947->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 99B guuid=cb60786a-1700-0000-9623-4d209a0f0000 pid=3994->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=4519ea6a-1700-0000-9623-4d209c0f0000 pid=3996 /tmp/Space guuid=cb60786a-1700-0000-9623-4d209a0f0000 pid=3994->guuid=4519ea6a-1700-0000-9623-4d209c0f0000 pid=3996 clone guuid=af99af96-1800-0000-9623-4d20e7130000 pid=5095 /tmp/Space guuid=cb60786a-1700-0000-9623-4d209a0f0000 pid=3994->guuid=af99af96-1800-0000-9623-4d20e7130000 pid=5095 clone guuid=222cb496-1800-0000-9623-4d20e8130000 pid=5096 /tmp/Space net send-data zombie guuid=cb60786a-1700-0000-9623-4d209a0f0000 pid=3994->guuid=222cb496-1800-0000-9623-4d20e8130000 pid=5096 clone guuid=e14dee6a-1700-0000-9623-4d209e0f0000 pid=3998 /tmp/Space guuid=4519ea6a-1700-0000-9623-4d209c0f0000 pid=3996->guuid=e14dee6a-1700-0000-9623-4d209e0f0000 pid=3998 clone guuid=1ffef26a-1700-0000-9623-4d209f0f0000 pid=3999 /tmp/Space net send-data zombie guuid=4519ea6a-1700-0000-9623-4d209c0f0000 pid=3996->guuid=1ffef26a-1700-0000-9623-4d209f0f0000 pid=3999 clone guuid=1ffef26a-1700-0000-9623-4d209f0f0000 pid=3999->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=1ffef26a-1700-0000-9623-4d209f0f0000 pid=3999->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 627B guuid=222cb496-1800-0000-9623-4d20e8130000 pid=5096->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=222cb496-1800-0000-9623-4d20e8130000 pid=5096->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 539B guuid=79b8cb96-1800-0000-9623-4d20e9130000 pid=5097->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 148B guuid=cee0ec9f-1800-0000-9623-4d2001140000 pid=5121->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 97B guuid=089baaab-1800-0000-9623-4d2026140000 pid=5158->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=82342fac-1800-0000-9623-4d2029140000 pid=5161 /tmp/Space guuid=089baaab-1800-0000-9623-4d2026140000 pid=5158->guuid=82342fac-1800-0000-9623-4d2029140000 pid=5161 clone guuid=b4190fd8-1900-0000-9623-4d208f140000 pid=5263 /tmp/Space guuid=089baaab-1800-0000-9623-4d2026140000 pid=5158->guuid=b4190fd8-1900-0000-9623-4d208f140000 pid=5263 clone guuid=5ed727d8-1900-0000-9623-4d2090140000 pid=5264 /tmp/Space net send-data zombie guuid=089baaab-1800-0000-9623-4d2026140000 pid=5158->guuid=5ed727d8-1900-0000-9623-4d2090140000 pid=5264 clone guuid=5c3e37ac-1800-0000-9623-4d202a140000 pid=5162 /tmp/Space guuid=82342fac-1800-0000-9623-4d2029140000 pid=5161->guuid=5c3e37ac-1800-0000-9623-4d202a140000 pid=5162 clone guuid=4b593aac-1800-0000-9623-4d202b140000 pid=5163 /tmp/Space net send-data zombie guuid=82342fac-1800-0000-9623-4d2029140000 pid=5161->guuid=4b593aac-1800-0000-9623-4d202b140000 pid=5163 clone guuid=4b593aac-1800-0000-9623-4d202b140000 pid=5163->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=4b593aac-1800-0000-9623-4d202b140000 pid=5163->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 441B guuid=5ed727d8-1900-0000-9623-4d2090140000 pid=5264->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=5ed727d8-1900-0000-9623-4d2090140000 pid=5264->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 378B guuid=d5c853d8-1900-0000-9623-4d2091140000 pid=5265->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 148B guuid=010cdfe2-1900-0000-9623-4d2092140000 pid=5266->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 97B guuid=c9915dee-1900-0000-9623-4d2095140000 pid=5269->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=11876def-1900-0000-9623-4d2096140000 pid=5270 /tmp/Space guuid=c9915dee-1900-0000-9623-4d2095140000 pid=5269->guuid=11876def-1900-0000-9623-4d2096140000 pid=5270 clone guuid=23fdb21c-1b00-0000-9623-4d20d3140000 pid=5331 /tmp/Space guuid=c9915dee-1900-0000-9623-4d2095140000 pid=5269->guuid=23fdb21c-1b00-0000-9623-4d20d3140000 pid=5331 clone guuid=b2cfb61c-1b00-0000-9623-4d20d4140000 pid=5332 /tmp/Space net send-data zombie guuid=c9915dee-1900-0000-9623-4d2095140000 pid=5269->guuid=b2cfb61c-1b00-0000-9623-4d20d4140000 pid=5332 clone guuid=c8f97ef0-1900-0000-9623-4d2097140000 pid=5271 /tmp/Space guuid=11876def-1900-0000-9623-4d2096140000 pid=5270->guuid=c8f97ef0-1900-0000-9623-4d2097140000 pid=5271 clone guuid=d6d786f0-1900-0000-9623-4d2098140000 pid=5272 /tmp/Space net send-data zombie guuid=11876def-1900-0000-9623-4d2096140000 pid=5270->guuid=d6d786f0-1900-0000-9623-4d2098140000 pid=5272 clone guuid=d6d786f0-1900-0000-9623-4d2098140000 pid=5272->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=d6d786f0-1900-0000-9623-4d2098140000 pid=5272->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 396B guuid=b2cfb61c-1b00-0000-9623-4d20d4140000 pid=5332->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=b2cfb61c-1b00-0000-9623-4d20d4140000 pid=5332->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 360B guuid=fcc9bf1c-1b00-0000-9623-4d20d5140000 pid=5333->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 150B guuid=c3006922-1b00-0000-9623-4d20d8140000 pid=5336->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 99B guuid=88c05c2a-1b00-0000-9623-4d20db140000 pid=5339->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=a7aa582b-1b00-0000-9623-4d20dc140000 pid=5340 /tmp/Space guuid=88c05c2a-1b00-0000-9623-4d20db140000 pid=5339->guuid=a7aa582b-1b00-0000-9623-4d20dc140000 pid=5340 clone guuid=3f978d57-1c00-0000-9623-4d2062150000 pid=5474 /tmp/Space guuid=88c05c2a-1b00-0000-9623-4d20db140000 pid=5339->guuid=3f978d57-1c00-0000-9623-4d2062150000 pid=5474 clone guuid=59c49557-1c00-0000-9623-4d2063150000 pid=5475 /tmp/Space net send-data zombie guuid=88c05c2a-1b00-0000-9623-4d20db140000 pid=5339->guuid=59c49557-1c00-0000-9623-4d2063150000 pid=5475 clone guuid=3328202c-1b00-0000-9623-4d20dd140000 pid=5341 /tmp/Space guuid=a7aa582b-1b00-0000-9623-4d20dc140000 pid=5340->guuid=3328202c-1b00-0000-9623-4d20dd140000 pid=5341 clone guuid=1914292c-1b00-0000-9623-4d20de140000 pid=5342 /tmp/Space net send-data zombie guuid=a7aa582b-1b00-0000-9623-4d20dc140000 pid=5340->guuid=1914292c-1b00-0000-9623-4d20de140000 pid=5342 clone guuid=1914292c-1b00-0000-9623-4d20de140000 pid=5342->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=1914292c-1b00-0000-9623-4d20de140000 pid=5342->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 396B guuid=59c49557-1c00-0000-9623-4d2063150000 pid=5475->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=59c49557-1c00-0000-9623-4d2063150000 pid=5475->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 396B guuid=465aa057-1c00-0000-9623-4d2064150000 pid=5476->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 148B guuid=e151d360-1c00-0000-9623-4d2065150000 pid=5477->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 97B guuid=79678c6b-1c00-0000-9623-4d2068150000 pid=5480->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=5012006c-1c00-0000-9623-4d2069150000 pid=5481 /tmp/Space guuid=79678c6b-1c00-0000-9623-4d2068150000 pid=5480->guuid=5012006c-1c00-0000-9623-4d2069150000 pid=5481 clone guuid=1c43e997-1d00-0000-9623-4d2071150000 pid=5489 /tmp/Space guuid=79678c6b-1c00-0000-9623-4d2068150000 pid=5480->guuid=1c43e997-1d00-0000-9623-4d2071150000 pid=5489 clone guuid=575fee97-1d00-0000-9623-4d2072150000 pid=5490 /tmp/Space net send-data zombie guuid=79678c6b-1c00-0000-9623-4d2068150000 pid=5480->guuid=575fee97-1d00-0000-9623-4d2072150000 pid=5490 clone guuid=07ab076d-1c00-0000-9623-4d206a150000 pid=5482 /tmp/Space guuid=5012006c-1c00-0000-9623-4d2069150000 pid=5481->guuid=07ab076d-1c00-0000-9623-4d206a150000 pid=5482 clone guuid=ab3c0c6d-1c00-0000-9623-4d206b150000 pid=5483 /tmp/Space net send-data zombie guuid=5012006c-1c00-0000-9623-4d2069150000 pid=5481->guuid=ab3c0c6d-1c00-0000-9623-4d206b150000 pid=5483 clone guuid=ab3c0c6d-1c00-0000-9623-4d206b150000 pid=5483->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=ab3c0c6d-1c00-0000-9623-4d206b150000 pid=5483->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 306B guuid=575fee97-1d00-0000-9623-4d2072150000 pid=5490->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=575fee97-1d00-0000-9623-4d2072150000 pid=5490->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 261B guuid=e337fb97-1d00-0000-9623-4d2073150000 pid=5491->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 147B guuid=85442ca0-1d00-0000-9623-4d2095150000 pid=5525->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 96B guuid=8f7886a9-1d00-0000-9623-4d20a5150000 pid=5541->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=5be41dab-1d00-0000-9623-4d20a6150000 pid=5542 /tmp/Space guuid=8f7886a9-1d00-0000-9623-4d20a5150000 pid=5541->guuid=5be41dab-1d00-0000-9623-4d20a6150000 pid=5542 clone guuid=5e5e48d7-1e00-0000-9623-4d20da150000 pid=5594 /tmp/Space guuid=8f7886a9-1d00-0000-9623-4d20a5150000 pid=5541->guuid=5e5e48d7-1e00-0000-9623-4d20da150000 pid=5594 clone guuid=871a4ed7-1e00-0000-9623-4d20db150000 pid=5595 /tmp/Space net send-data zombie guuid=8f7886a9-1d00-0000-9623-4d20a5150000 pid=5541->guuid=871a4ed7-1e00-0000-9623-4d20db150000 pid=5595 clone guuid=6ecc22ab-1d00-0000-9623-4d20a7150000 pid=5543 /tmp/Space guuid=5be41dab-1d00-0000-9623-4d20a6150000 pid=5542->guuid=6ecc22ab-1d00-0000-9623-4d20a7150000 pid=5543 clone guuid=6f4929ab-1d00-0000-9623-4d20a8150000 pid=5544 /tmp/Space net send-data zombie guuid=5be41dab-1d00-0000-9623-4d20a6150000 pid=5542->guuid=6f4929ab-1d00-0000-9623-4d20a8150000 pid=5544 clone guuid=6f4929ab-1d00-0000-9623-4d20a8150000 pid=5544->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=6f4929ab-1d00-0000-9623-4d20a8150000 pid=5544->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 224B guuid=871a4ed7-1e00-0000-9623-4d20db150000 pid=5595->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=871a4ed7-1e00-0000-9623-4d20db150000 pid=5595->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 176B guuid=d2e75bd7-1e00-0000-9623-4d20dc150000 pid=5596->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 148B guuid=e8ea55df-1e00-0000-9623-4d20dd150000 pid=5597->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 97B guuid=aa0a01e9-1e00-0000-9623-4d20e0150000 pid=5600->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=41ed02ea-1e00-0000-9623-4d20e1150000 pid=5601 /tmp/Space guuid=aa0a01e9-1e00-0000-9623-4d20e0150000 pid=5600->guuid=41ed02ea-1e00-0000-9623-4d20e1150000 pid=5601 clone guuid=cb6fc016-2000-0000-9623-4d20e4150000 pid=5604 /tmp/Space guuid=aa0a01e9-1e00-0000-9623-4d20e0150000 pid=5600->guuid=cb6fc016-2000-0000-9623-4d20e4150000 pid=5604 clone guuid=620bc616-2000-0000-9623-4d20e5150000 pid=5605 /tmp/Space net send-data zombie guuid=aa0a01e9-1e00-0000-9623-4d20e0150000 pid=5600->guuid=620bc616-2000-0000-9623-4d20e5150000 pid=5605 clone guuid=78510eea-1e00-0000-9623-4d20e2150000 pid=5602 /tmp/Space guuid=41ed02ea-1e00-0000-9623-4d20e1150000 pid=5601->guuid=78510eea-1e00-0000-9623-4d20e2150000 pid=5602 clone guuid=4a4f14ea-1e00-0000-9623-4d20e3150000 pid=5603 /tmp/Space net send-data zombie guuid=41ed02ea-1e00-0000-9623-4d20e1150000 pid=5601->guuid=4a4f14ea-1e00-0000-9623-4d20e3150000 pid=5603 clone guuid=4a4f14ea-1e00-0000-9623-4d20e3150000 pid=5603->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=4a4f14ea-1e00-0000-9623-4d20e3150000 pid=5603->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 198B guuid=620bc616-2000-0000-9623-4d20e5150000 pid=5605->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=620bc616-2000-0000-9623-4d20e5150000 pid=5605->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 189B guuid=31a1e116-2000-0000-9623-4d20e6150000 pid=5606->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 148B guuid=e008231f-2000-0000-9623-4d20e7150000 pid=5607->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 97B guuid=347ed629-2000-0000-9623-4d20ea150000 pid=5610->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=350bc72a-2000-0000-9623-4d20eb150000 pid=5611 /tmp/Space guuid=347ed629-2000-0000-9623-4d20ea150000 pid=5610->guuid=350bc72a-2000-0000-9623-4d20eb150000 pid=5611 clone guuid=86081d58-2100-0000-9623-4d20ee150000 pid=5614 /tmp/Space guuid=347ed629-2000-0000-9623-4d20ea150000 pid=5610->guuid=86081d58-2100-0000-9623-4d20ee150000 pid=5614 clone guuid=88272358-2100-0000-9623-4d20ef150000 pid=5615 /tmp/Space net send-data zombie guuid=347ed629-2000-0000-9623-4d20ea150000 pid=5610->guuid=88272358-2100-0000-9623-4d20ef150000 pid=5615 clone guuid=4974b92b-2000-0000-9623-4d20ec150000 pid=5612 /tmp/Space guuid=350bc72a-2000-0000-9623-4d20eb150000 pid=5611->guuid=4974b92b-2000-0000-9623-4d20ec150000 pid=5612 clone guuid=515ec12b-2000-0000-9623-4d20ed150000 pid=5613 /tmp/Space net send-data zombie guuid=350bc72a-2000-0000-9623-4d20eb150000 pid=5611->guuid=515ec12b-2000-0000-9623-4d20ed150000 pid=5613 clone guuid=515ec12b-2000-0000-9623-4d20ed150000 pid=5613->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=515ec12b-2000-0000-9623-4d20ed150000 pid=5613->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 171B guuid=88272358-2100-0000-9623-4d20ef150000 pid=5615->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=88272358-2100-0000-9623-4d20ef150000 pid=5615->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 117B guuid=cb073458-2100-0000-9623-4d20f0150000 pid=5616->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 148B guuid=6fb9c762-2100-0000-9623-4d20f1150000 pid=5617->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 97B guuid=af866370-2100-0000-9623-4d20f4150000 pid=5620->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=af6b6871-2100-0000-9623-4d20f5150000 pid=5621 /tmp/Space guuid=af866370-2100-0000-9623-4d20f4150000 pid=5620->guuid=af6b6871-2100-0000-9623-4d20f5150000 pid=5621 clone guuid=f7018a9e-2200-0000-9623-4d20f8150000 pid=5624 /tmp/Space guuid=af866370-2100-0000-9623-4d20f4150000 pid=5620->guuid=f7018a9e-2200-0000-9623-4d20f8150000 pid=5624 clone guuid=93cc939e-2200-0000-9623-4d20f9150000 pid=5625 /tmp/Space net send-data zombie guuid=af866370-2100-0000-9623-4d20f4150000 pid=5620->guuid=93cc939e-2200-0000-9623-4d20f9150000 pid=5625 clone guuid=b7467571-2100-0000-9623-4d20f6150000 pid=5622 /tmp/Space guuid=af6b6871-2100-0000-9623-4d20f5150000 pid=5621->guuid=b7467571-2100-0000-9623-4d20f6150000 pid=5622 clone guuid=84797871-2100-0000-9623-4d20f7150000 pid=5623 /tmp/Space net send-data zombie guuid=af6b6871-2100-0000-9623-4d20f5150000 pid=5621->guuid=84797871-2100-0000-9623-4d20f7150000 pid=5623 clone guuid=84797871-2100-0000-9623-4d20f7150000 pid=5623->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=84797871-2100-0000-9623-4d20f7150000 pid=5623->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 108B guuid=93cc939e-2200-0000-9623-4d20f9150000 pid=5625->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=93cc939e-2200-0000-9623-4d20f9150000 pid=5625->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 63B guuid=ac8eaa9e-2200-0000-9623-4d20fa150000 pid=5626->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 147B guuid=bef0d6a6-2200-0000-9623-4d20fb150000 pid=5627->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 96B guuid=3bb9eeaf-2200-0000-9623-4d20fe150000 pid=5630->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=36bd5db0-2200-0000-9623-4d20ff150000 pid=5631 /tmp/Space guuid=3bb9eeaf-2200-0000-9623-4d20fe150000 pid=5630->guuid=36bd5db0-2200-0000-9623-4d20ff150000 pid=5631 clone guuid=54984adc-2300-0000-9623-4d200b160000 pid=5643 /tmp/Space guuid=3bb9eeaf-2200-0000-9623-4d20fe150000 pid=5630->guuid=54984adc-2300-0000-9623-4d200b160000 pid=5643 clone guuid=cab252dc-2300-0000-9623-4d200c160000 pid=5644 /tmp/Space net send-data zombie guuid=3bb9eeaf-2200-0000-9623-4d20fe150000 pid=5630->guuid=cab252dc-2300-0000-9623-4d200c160000 pid=5644 clone guuid=ad7666b0-2200-0000-9623-4d2000160000 pid=5632 /tmp/Space guuid=36bd5db0-2200-0000-9623-4d20ff150000 pid=5631->guuid=ad7666b0-2200-0000-9623-4d2000160000 pid=5632 clone guuid=df756db0-2200-0000-9623-4d2001160000 pid=5633 /tmp/Space net send-data zombie guuid=36bd5db0-2200-0000-9623-4d20ff150000 pid=5631->guuid=df756db0-2200-0000-9623-4d2001160000 pid=5633 clone guuid=df756db0-2200-0000-9623-4d2001160000 pid=5633->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=df756db0-2200-0000-9623-4d2001160000 pid=5633->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 64B guuid=cab252dc-2300-0000-9623-4d200c160000 pid=5644->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=cab252dc-2300-0000-9623-4d200c160000 pid=5644->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 16B guuid=5d3762dc-2300-0000-9623-4d200d160000 pid=5645->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 149B guuid=103f0de2-2300-0000-9623-4d200e160000 pid=5646->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 98B guuid=9c1de8e8-2300-0000-9623-4d2012160000 pid=5650->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 148B guuid=af529af3-2300-0000-9623-4d201b160000 pid=5659->71f0aa2d-ca86-5e26-ac9a-e7f60432059a send: 97B guuid=2cab16ff-2300-0000-9623-4d201e160000 pid=5662->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=695f8cff-2300-0000-9623-4d201f160000 pid=5663 /tmp/Space guuid=2cab16ff-2300-0000-9623-4d201e160000 pid=5662->guuid=695f8cff-2300-0000-9623-4d201f160000 pid=5663 clone guuid=aa431f00-2400-0000-9623-4d2020160000 pid=5664 /tmp/Space guuid=695f8cff-2300-0000-9623-4d201f160000 pid=5663->guuid=aa431f00-2400-0000-9623-4d2020160000 pid=5664 clone guuid=e8f82200-2400-0000-9623-4d2021160000 pid=5665 /tmp/Space net send-data zombie guuid=695f8cff-2300-0000-9623-4d201f160000 pid=5663->guuid=e8f82200-2400-0000-9623-4d2021160000 pid=5665 clone guuid=e8f82200-2400-0000-9623-4d2021160000 pid=5665->8b0a01dc-0728-52c1-8024-c4ba7801b8d6 con guuid=e8f82200-2400-0000-9623-4d2021160000 pid=5665->9b8f721d-ac51-5686-b3c6-fc717356b9b8 send: 9B
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/ee049e30cb33ab713c24efa7dc1032f2de4d5e3b2855574c25aab0ca728ea0df
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ee049e30cb33ab713c24efa7dc1032f2de4d5e3b2855574c25aab0ca728ea0df/
Verdict:
Malicious
Threat:
Family.MIRAI
Link:
https://tip.neiki.dev/file/ee049e30cb33ab713c24efa7dc1032f2de4d5e3b2855574c25aab0ca728ea0df
Threat name:
Linux.Downloader.Medusa
Create hunting rule
Status:
Malicious
First seen:
2026-03-10 20:29:15 UTC
File Type:
Text (Shell)
AV detection:
17 of 24 (70.83%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5ycj4mglgovxcpbe56t5yebs6lpe2xr3fbkvotbfvkymu4uoudpq._file
Result
Malware family:
mirai
Create hunting rule
Score:
  10/10
Tags:
family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Link:
https://tria.ge/reports/260310-y9nhysbx2n/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Suspicious File
Score:
0.34
Link:
https://yomi.yoroi.company/submissions/ee049e30cb33ab713c24efa7dc1032f2de4d5e3b2855574c25aab0ca728ea0df

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Shellscript_Downloader
Create hunting rule
Author:albertzsigovits
Description:Generic Approach to Shellscript downloaders
Rule name:MAL_Linux_IoT_MultiArch_BotnetLoader_Generic
Create hunting rule
Author:Anish Bogati
Description:Technique-based detection of IoT/Linux botnet loader shell scripts downloading binaries from numeric IPs, chmodding, and executing multi-architecture payloads
Reference:MalwareBazaar sample lilin.sh

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh ee049e30cb33ab713c24efa7dc1032f2de4d5e3b2855574c25aab0ca728ea0df

(this sample)

Mirai

elf 1bd36ccedcad1be4add977e7296eebf6e8e0c89a5cb117695989f7b90581f45f

  
URLhaus
https://urlhaus.abuse.ch/url/3787125/
  
Delivery method
Distributed via web download
  
Dropping
MD5 1574d4dca38c698c2a0aedc23d182234
  
Dropping
SHA256 1bd36ccedcad1be4add977e7296eebf6e8e0c89a5cb117695989f7b90581f45f

Comments