MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fe76c6c965dc7d0be02f485bd7fa1876a5597e9548fb6612ce0ef3ee98061860. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 6



SHA256 hash: fe76c6c965dc7d0be02f485bd7fa1876a5597e9548fb6612ce0ef3ee98061860
SHA3-384 hash: 3e000489db8e230dfb4e82b6afb85802d694e40383c1ddd61c4da72ee869fce551d1f9f95b12f6d4a64408ecad9a848f
SHA1 hash: dd5d8972ed3be4bb59bb4e54c296c6ac9229912e
MD5 hash: 9e4dda47da60681bd97353db552963ac
humanhash: fix-november-spaghetti-eight
File name: ohshit.sh
Signature: Mirai
File size: 2'970 bytes
First seen: 2025-07-12 05:54:37 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 48:v+7Z7N7h+Q6G+gozP+AKW+6oU+767o7U+ff3b+p9R+2cg+tpV+oSO+8+C+vfT+HA:v+7Z7N7h+Q6G+gozP+AKW+6oU+767o7w
TLSH T1745191C542644C3D2C67EA13E6F642383482A5629EE17F95DBC4BEF93B8ED143248753
Magika: shell
Reporter: abuse_ch
Tags: mirai sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 22
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: trojandownloader downloader agent
Status: terminated
Behavior Graph:
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-07-12 05:55:37 UTC
File Type: Text (Shell)
AV detection: 24 of 38 (63.16%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:mirai botnet:lzrd antivm botnet defense_evasion discovery linux upx
Behaviour
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Checks CPU configuration
UPX packed file
Enumerates running processes
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Modifies Watchdog functionality
Mirai
Mirai family
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: Linux_Shellscript_Downloader
Author: albertzsigovits
Description: Generic Approach to Shellscript downloaders

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Mirai

sh fe76c6c965dc7d0be02f485bd7fa1876a5597e9548fb6612ce0ef3ee98061860

(this sample)

  
Delivery method
Distributed via web download

Comments