MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 021508ebb8328c6eda82c2c02045dfad8e0b4e9ea6a70f602d5915747d59f1c8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 9

Intelligence 9 IOCs YARA 5 File information Comments

SHA256 hash:	021508ebb8328c6eda82c2c02045dfad8e0b4e9ea6a70f602d5915747d59f1c8
SHA3-384 hash:	b4eb6a50b63e8b058019e2cd15163315f35ad2d3634d80073bb852851a665a7fc68496a74f6e4640c4d9ff8a43d6c74b
SHA1 hash:	ab536b4b0e7ec4a33bfeb456c7e73a38bbfc0a08
MD5 hash:	67489a8786fbea433679b458d232736e
humanhash:	nineteen-fourteen-eight-arizona
File name:	amd64
Download:	download sample
File size:	482'032 bytes
First seen:	2025-05-27 06:06:03 UTC
Last seen:	2025-05-27 06:35:54 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	12288:iD6LPBCvMk0O9na1M80cLt9i5aIaTtpc4W:2+QGO9naz0Szi5anTtR
TLSH	T141A41212E290D8FEC4DAC070469FD27BFD76BC544234BC6B6198F7322B3AE601B16A55
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.Siggen.9080.26283.17957.UNOFFICIAL

Verdict:

Clean

Score:

84.2%

Link:

https://cyber-fortress.com/docs/result/index.php?id=68355790acf88f5815e77757linux22vpnfull_triage

Tags:

n/a

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creates directories

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

exploit gcc lolbin remote

Link:

https://www.filescan.io/uploads/68355661fd02ed5e058981a7/reports/6973e8d7-3af9-49d1-8a99-4e5079cf50e1/overview

Verdict:

Malicious

Uses P2P?:

true

Uses anti-vm?:

true

Architecture:

x86

Packer:

custom

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

35663

Full report:

https://elfdigest.com/brief/021508ebb8328c6eda82c2c02045dfad8e0b4e9ea6a70f602d5915747d59f1c8

Behaviour

Anti-VM

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

type: 162.159.200.123:123
type: 130.239.18.158:6881
type: 67.215.246.10:6881
type: 178.69.209.93:6881
type: 63.247.211.162:6881
type: 5.14.160.243:6881
type: 62.112.10.78:6881
type: 195.154.107.101:6881
type: 82.64.46.191:6881
type: 90.21.112.116:6881
type: 77.51.55.26:6881
type: 90.154.18.178:6881
type: 176.221.6.220:6881
type: 178.183.166.202:6881
type: 176.193.231.215:6881
type: 86.97.68.69:6881
type: 46.138.248.66:6881
type: 91.179.249.244:6881
type: 208.181.135.130:6881
type: 82.0.131.185:6881
type: 95.66.217.20:6881
type: 45.154.86.83:6881
type: 1.120.230.194:6881
type: 65.21.161.59:6881
type: 91.228.118.135:6881
type: 94.198.132.109:6881
type: 184.162.30.202:6881
type: 70.187.206.25:6881
type: 95.221.5.131:6881
type: 89.22.226.106:6881
type: 39.60.122.170:6881
type: 121.223.136.29:6881
type: 123.193.156.3:6881
type: 99.156.137.251:6881
type: 13.58.27.33:6881
type: 35.167.186.212:6881
type: 54.214.62.31:6881
type: 75.119.138.164:6881
type: 106.153.151.218:6881
type: 205.178.20.172:6881
type: 54.214.62.55:6881
type: 54.70.174.84:6881
type: 18.221.7.72:6881
type: 197.188.169.166:6881
type: 42.200.85.56:6881
type: 88.171.135.41:6881
type: 116.48.157.76:6881
type: 220.132.156.234:6881
type: 62.169.27.65:6881
type: 107.141.251.202:6881
type: 184.22.234.145:6881
type: 85.166.234.97:6881
type: 130.239.18.158:8524
type: 130.239.18.158:8515
type: 89.67.70.124:51413
type: 37.187.18.193:51413
type: 118.154.235.34:51413
type: 212.47.245.119:51413
type: 67.11.100.162:51413
type: 185.158.114.210:51413
type: 86.57.236.42:51413
type: 188.126.76.79:51413
type: 31.187.231.45:51413
type: 213.178.38.41:51413
type: 119.164.125.109:51413
type: 61.165.12.134:51413
type: 93.51.18.111:51413
type: 171.25.166.252:51413
type: 128.199.55.15:51413
type: 81.97.33.241:51413
type: 60.246.165.150:51413
type: 84.242.169.193:51413
type: 86.2.87.171:51413
type: 83.229.115.27:51413
type: 37.187.117.25:51413
type: 49.12.107.14:51413
type: 5.135.162.73:51413
type: 46.50.168.131:51413
type: 148.153.170.2:6880
type: 18.117.31.166:6880
type: 185.196.61.240:6880
type: 3.93.32.237:6880
type: 45.203.151.67:6880
type: 45.203.212.2:6880
type: 45.203.207.46:6880
type: 195.154.233.74:6880
type: 3.141.159.213:6880
type: 3.128.149.181:6880
type: 3.12.65.135:6880
type: 3.23.220.99:6880
type: 3.13.250.68:6880
type: 45.203.152.88:6880
type: 178.162.173.105:28003
type: 178.162.173.91:28003
type: 83.149.98.184:28014
type: 178.162.174.98:28014
type: 185.203.56.50:61573
type: 37.48.118.87:28001
type: 130.239.18.158:8500
type: 178.162.173.108:28011
type: 94.75.225.104:28011
type: 178.162.174.43:28010
type: 213.227.152.67:28010
type: 178.162.173.161:28010
type: 95.211.240.110:53440
type: 51.112.110.177:20895
type: 91.122.34.149:51415
type: 37.48.64.31:28000
type: 213.227.134.137:28000
type: 178.162.173.222:28000
type: 178.162.173.9:28012
type: 37.120.210.219:53601
type: 221.163.45.229:26881
type: 72.21.17.41:16254
type: 95.53.179.226:49001
type: 80.208.57.79:49001
type: 176.59.5.23:49001
type: 109.165.106.203:49001
type: 5.143.178.87:49001
type: 23.158.56.120:18075
type: 185.183.32.101:6883
type: 89.22.226.106:6883
type: 23.162.56.55:10097
type: 172.111.38.128:26012
type: 72.21.17.20:64094
type: 69.50.95.40:12075
type: 162.251.63.120:10061
type: 23.158.56.120:12094
type: 178.162.173.9:28009
type: 95.211.217.139:28009
type: 45.91.209.204:54058
type: 163.172.43.20:59976
type: 192.34.59.75:30301
type: 178.162.174.180:28013
type: 185.21.217.20:51296
type: 45.87.251.132:28056
type: 46.4.229.134:50528
type: 176.222.253.106:2921
type: 178.33.233.79:8999
type: 62.210.113.113:8999
type: 32.216.172.31:8999
type: 62.210.205.201:8999
type: 195.201.179.130:16309
type: 130.239.18.158:8580
type: 130.239.18.158:8513
type: 130.239.18.158:8516
type: 45.152.209.221:63220
type: 178.162.148.95:10172
type: 89.149.235.158:30132
type: 87.212.227.104:54145
type: 185.149.91.29:51016
type: 193.32.16.54:37185
type: 85.175.216.5:37185
type: 37.48.118.87:28002
type: 178.162.173.25:28002
type: 81.171.6.42:28005
type: 5.79.69.185:28006
type: 185.203.56.25:58210
type: 37.48.71.178:28007
type: 178.162.173.218:28007
type: 178.162.173.214:28007
type: 188.226.210.44:5060
type: 95.179.127.133:2309
type: 178.162.174.43:28004
type: 178.162.173.109:28004
type: 180.176.190.126:52830
type: 95.168.162.147:9987
type: 37.48.111.162:4570
type: 81.161.123.105:24672
type: 188.165.195.203:52012
type: 85.148.63.81:49670
type: 201.190.251.91:46098
type: 95.215.238.154:21606
type: 185.185.1.148:31282
type: 45.26.150.17:26225
type: 101.100.163.87:60682
type: 61.60.145.202:6889
type: 89.27.57.219:6889
type: 46.28.93.165:6889
type: 36.14.4.229:6889
type: 42.2.77.84:6889
type: 185.203.56.57:21346
type: 5.167.251.150:20519
type: 86.49.251.137:62259
type: 27.94.239.184:14289
type: 185.203.56.58:10258
type: 187.36.30.152:15117
type: 87.138.155.21:49019
type: 219.77.141.213:10954
type: 103.214.4.104:65218
type: 185.203.56.57:15288
type: 95.27.8.39:2191
type: 46.232.210.214:64115
type: 105.155.81.17:19946
type: 176.31.183.108:58332
type: 169.150.251.167:64056
type: 31.44.35.11:7500
type: 45.83.94.84:13346
type: 46.232.210.48:63477
type: 184.99.53.68:28595
type: 45.131.79.44:64076
type: 179.0.95.128:19516
type: 162.157.150.170:33563
type: 86.174.160.150:32000
type: 5.165.38.8:32000
type: 186.122.8.126:3084
type: 89.134.19.109:57840
type: 81.86.183.83:52890
type: 118.41.217.103:38601
type: 152.53.45.107:6884
type: 78.142.231.133:6767
type: 69.94.41.208:36559
type: 91.235.102.200:26044
type: 124.244.89.48:7582
type: 178.162.174.219:28008
type: 77.79.174.149:48284
type: 188.165.242.169:52024
type: 37.48.89.140:1069
type: 89.143.226.97:34554
type: 5.165.212.224:46935
type: 84.49.196.54:14087
type: 5.135.138.99:5261
type: 54.209.131.199:6992
type: 69.50.95.40:10069
type: 185.203.56.67:64578
type: 23.158.56.120:14013
type: 54.38.92.16:36455
type: 194.29.101.83:10240
type: 195.170.172.38:10240
type: 146.59.3.81:10240
type: 54.39.107.165:37178
type: 72.21.17.82:56807
type: 69.50.95.40:10033
type: 14.1.247.19:6096
type: 162.55.243.114:2910
type: 183.90.171.122:40865
type: 37.228.207.107:51297
type: 176.63.27.211:10601
type: 179.250.184.44:20729
type: 188.165.244.11:59773
type: 95.139.237.19:20625
type: 46.4.250.108:61705
type: 89.139.36.233:53982
type: 96.37.216.177:15389
type: 97.135.30.232:60126
type: 188.187.128.51:46188
type: 185.94.190.197:55466
type: 169.150.223.240:64122
type: 87.126.208.78:41090
type: 5.39.85.50:55277
type: 83.139.170.215:2049
type: 31.23.87.76:44154
type: 109.134.97.157:50923
type: 178.66.158.207:17461
type: 58.143.148.106:57956
type: 91.222.219.17:1152
type: 81.187.251.45:4242
type: 93.156.219.165:37711
type: 78.31.150.137:42705
type: 176.211.148.84:48236
type: 131.226.99.92:54916
type: 49.205.150.143:37512
type: 222.137.201.20:50000
type: 115.48.62.111:50000
type: 95.217.120.87:50000
type: 142.132.200.42:50000
type: 173.255.255.4:54013
type: 173.95.146.29:58997
type: 46.232.210.104:58202
type: 98.52.8.61:41969
type: 5.39.85.155:52593
type: 71.231.51.44:49166
type: 208.87.240.21:11162
type: 119.18.28.220:42000
type: 152.53.45.107:7084
type: 178.162.173.206:28015
type: 185.15.38.76:4634
type: 218.212.151.160:65000
type: 46.232.211.229:58071
type: 61.92.149.111:61767
type: 164.132.162.3:50128
type: 37.48.88.155:30172
type: 222.4.8.213:53566
type: 59.138.214.58:42478
type: 78.139.112.249:2079
type: 121.75.179.95:64153
type: 185.203.56.53:25305
type: 176.115.122.54:3877
type: 188.163.102.223:22437
type: 193.168.178.247:11302
type: 31.58.51.146:6988
type: 5.135.178.41:57981
type: 169.150.223.39:47955
type: 176.213.107.20:20630
type: 93.44.116.178:48268
type: 31.43.171.43:37905
type: 184.162.208.175:56377
type: 82.103.112.113:55335
type: 94.180.189.120:54035
type: 157.143.60.157:61917
type: 5.79.85.89:64158
type: 37.228.204.116:35445
type: 188.165.231.77:50699
type: 95.82.83.87:27496
type: 95.216.100.173:43708
type: 201.51.207.121:38786
type: 95.216.100.173:54834
type: 49.205.100.103:3118
type: 201.18.194.184:48556
type: 73.158.171.132:32430

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/be23f978-1cf0-48ac-825f-9796e69388b9

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/021508ebb8328c6eda82c2c02045dfad8e0b4e9ea6a70f602d5915747d59f1c8

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/021508ebb8328c6eda82c2c02045dfad8e0b4e9ea6a70f602d5915747d59f1c8/

Threat name:

Linux.Trojan.Generic

Status:

Suspicious

First seen:

2025-05-27 06:06:25 UTC

File Type:

ELF64 Little (Exe)

AV detection:

16 of 38 (42.11%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=aikqr25ygkgg5wucylacaro7vwhawtu6u2tq6ybnlekxi7kz6hea._file

Result

Malware family:

n/a

Score:

6/10

Tags:

antivm defense_evasion discovery execution linux persistence privilege_escalation

Link:

https://tria.ge/reports/250527-gtxm9ayzcv/

Behaviour

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

Checks CPU configuration

Checks hardware identifiers (DMI)

Creates/modifies Cron job

Enumerates running processes

Reads MAC address of network interface

Reads hardware information

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/441c0819-27da-4f94-b8b8-7b25c0e1cd8f

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.20

Link:

https://yomi.yoroi.company/submissions/021508ebb8328c6eda82c2c02045dfad8e0b4e9ea6a70f602d5915747d59f1c8

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	enterpriseapps2 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Enterprise apps

Rule name:	enterpriseunix2 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Enterprise UNIX

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 021508ebb8328c6eda82c2c02045dfad8e0b4e9ea6a70f602d5915747d59f1c8

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3550686/

Delivery method

Distributed via web download

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings

ID	Title	Severity
CHECK_PIE	Missing Position-Independent Executable (PIE) Protection	high

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample