MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f19598deddf930da7e84172ea0a6bb8568a18a610e5bfb36183be1dbba5cd456. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: f19598deddf930da7e84172ea0a6bb8568a18a610e5bfb36183be1dbba5cd456
SHA3-384 hash: 4fbf1941fa71127152bc678f05e37f315eb7f85e50564936eb312bddfc3396068df3c17955e2714d894a5808c6e324bf
SHA1 hash: 9d6029a73b6bea6dae4a1072818f83b825db11f0
MD5 hash: 5c824fb82cc62fc947e8f1b4d0a7ddab
humanhash: vermont-xray-robert-louisiana
File name: ohshit.sh
Signature: Mirai
File size: 2'910 bytes
First seen: 2025-07-17 20:52:00 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 48:v47H7N7h4q6G4gizP4aKW4coU47c7o7U4f93b4X9R4wcg4zpV4iSO4e+C4NfT4lo:v47H7N7h4q6G4gizP4aKW4coU47c7o7g
TLSH: T16C51918D72440D782973EA13FAB6E12C32C590529DE17B95DDE4BAF8839ED143A40B63
Magika: shell
Reporter: abuse_ch
Tags: mirai sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-07-17 20:52:17 UTC
File Type: Text (Shell)
AV detection: 18 of 24 (75.00%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method
Distributed via web download

Comments