The rising threat of Blueshell malware for Windows, Mac, and Linux users

Home » Blog » The rising threat of Blueshell malware for Windows, Mac, and Linux users

The rising threat of Blueshell malware for Windows, Mac, and Linux users

A new form of malware has emerged since the last time it gained relevance.

It goes by the name of Blueshell. Currently, attackers are using it to engage in cyberattacks in countries like Korea, Thailand, and other parts of Asia.

It targets Windows, Macintosh, and Linux operating systems. Written in GO language, the attacker targets vulnerable servers using this malware. It is mainly used by attackers to engage in other forms of attacks such as APT attacks.

It was popularized by a Chinese group named Dalbit group which used it to engage in multiple cyber attack campaigns that intended to steal information, critical data, and money.  The source code of the said malware is still available on GitHub.

Now that we have an understanding of the malware, let us dissect it technically for us to understand how it works. Blueshell malware has three configuration data – the C&C server, IP address, port number, and waiting time.

The attackers who used this in attacks used Dropper malware and then installed Blueshell malware. It executes and runs an environment variable named ‘lgdt’, decrypts, and uses it as a C&C server address.

What is a backdoor attack?

It is any form of cyber attack that, through commonly used techniques, can give high-level access to cyber attackers. It can give them more control and access to orchestrate an attack. A backdoor is also classified as a Trojan.

It is a  malicious program that pretends to be a  known and trustworthy program for delivering malware. Attackers often use backdoors created as  a result of a vulnerability that was left unattended.

Indicators of Compromise

MD5 hash

– 53271b2ab6c327a68e78a7c0bf9f4044
– 011cedd9932207ee5539895e2a1ed60a
– 31c4a3f16baa5e0437fdd4603987b812
– 9f55b31c66a01953c17eea6ace66f636
– 33129e959221bf9d5211710747fddabe
– 96ec8798bba011d5be952e0e6398795d
– b434df66d0dd15c2f5e5b2975f2cfbe2
– f4ace89337c8448f13d6eb538a79ce30
– 5e0845a9f08c1cfc7966824758b6953a
– e981219f6ba673e977c5c1771f86b189– 85a6e4448f4e5be1aa135861a2c35d35
– 1a0c704611395b53f632d4f6119ed20c
– 4eb724cc5f3d94510ba5fc8d4dba6bb6
– 47fc0ecb87c1296b860b2e10d119fc6c
– 2ed0a868520c31e27e69a0ab1a4e6 90d
– 3f022d65129238c2d34e41deba3e24d3
– 30fe6a0ba1d77e05a19d87fcf99e7ca5


– Download C2


– Upload C2



– FRP & LCX C2

hxxp://sk1.m00nlight[.]top:80 ( //MOACK_Co_LTD company server

hxxps://fk.m00nlight[.]top:443 ( //MOACK_Co_LTD company server

hxxps://aa.zxcss[.]com:443 ( //MOACK_Co_LTD company server

45.93.31[.]75:7777 //MOACK_Co_LTD company server

45.93.28[.]103:8080 //MOACK_Co_LTD company server



– Backdoor C2

45.93.31[.]75 //MOACK_Co_LTD company server


Blueshell is a Trojan malware that is being widely used globally by cybercriminals to exploit security vulnerabilities and engage in backdoor cyber-attacks that are intended to inject malware that would steal data, corrupt information, or lock up their information assets.

It is imperative that businesses that have deployed Microsoft Windows, Linux, and Mac OSes at risk of getting exposed to attacks take proactive measures to secure their businesses from the rising threat of this Trojan malware-based attack.

SharkStriker’s Endpoint Detection and Response is made to defend IT infrastructure against such backdoor attacks by providing round-the-clock security against the most sophisticated threats including malware attacks. Through a team of security experts working round the clock, we will help you make the most of all of your existing security investments with the right set of configurations.  


Experience end-to-end management
of statutory and regulatory compliance
through our dedicated service for compliance

Explore More >

Latest Post