MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f9911fdac209474def68080e7f6dea341390bf9fcbf72bcf73f7d111a3b328c3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 7



SHA256 hash: f9911fdac209474def68080e7f6dea341390bf9fcbf72bcf73f7d111a3b328c3
SHA3-384 hash: 51c18f0390977f06db36b9bd71a08d48ddec6be8f4f141f0e2029a7bfbbb343f8b888da1abd49a4448c9965bfd839f3b
SHA1 hash: 9ef9d0c9681a17b61a01c0f48b915372a24d9d32
MD5 hash: 9077f8a7e5b4d3d548a7d5a944998bc9
humanhash: juliet-fourteen-lithium-salami
File name: WSW0
File size: 266 bytes
First seen: 2026-06-26 05:53:12 UTC
Last seen: 2026-06-26 21:31:38 UTC
File type: sh
MIME type: text/x-shellscript
ssdeep: 6:hTQiFifo7FCLYzUAulNXYq9DG+NjVsNXYrkJ:VTIw7geUPiq9DGmKi2
TLSH: T104D097B3A2B311B49026C831F9C6A840B0408B7E4C01E82FBF2723302F81289F9D2394
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1)
      30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://216.107.139.197/n/an/an/a | f9911fdac209474def68080e7f6dea341390bf9fcbf72bcf73f7d111a3b328c3 (this sample) | n/a | sh

Intelligence


File Origin
# of uploads: 3
# of downloads: 62
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
First seen: 2026-06-26T02:58:00Z UTC
Last seen: 2026-06-27T20:09:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.p
Status: terminated
Behavior Graph:
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Win32.Trojan.Vigorf
Status: Malicious
First seen: 2026-06-26 05:54:28 UTC
File Type: Text (Shell)
AV detection: 10 of 23 (43.48%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: antivm credential_access defense_evasion linux
Behaviour
Writes file to tmp directory
Checks CPU configuration
File and Directory Permissions Modification
Executes dropped EXE
OS Credential Dumping
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh f9911fdac209474def68080e7f6dea341390bf9fcbf72bcf73f7d111a3b328c3 (this sample)

Delivery method: Distributed via web download

Comments