WordPress theme's cache folder compromised
I found a malware file uploaded on the server through WordPress's file upload feature or something else.
And sooner, it spanned to multiple locations with different file names.
It had 4,325 bytes size and a md5 hash of f6500d327f40da301cbec3779e8e4103.
And further, I detected that it was running on the server via shell script as well and doing mischievous activities.
The cache in the shell and path were something like below in "ps aux" command list:
Now the problem is:
Can I list out the files that matches the given md5 hash? Because, even if the file was renamed, the hash should be same.
I want to remove them from the server scanning entirely.