MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0a80e0900beccc1856deffc4cd575a78ddba01775bd1d6922dec849b6b556e13. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 3 File information Comments

SHA256 hash:	0a80e0900beccc1856deffc4cd575a78ddba01775bd1d6922dec849b6b556e13
SHA3-384 hash:	5cbc8ca6164b087a0222209611496396082cf3d32c80d4250e32b7a7889b355b3f68591080a0b3dc67ffe8ec345eb9b1
SHA1 hash:	6d5404c5916fb856711649ed08094f4ce9372ce0
MD5 hash:	b16f70c680af7d41ebb3108e4469a9a7
humanhash:	sixteen-asparagus-three-nitrogen
File name:	i686
Download:	download sample
File size:	587'764 bytes
First seen:	2025-07-10 17:21:57 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	12288:5D+Azf/CVCW3ISw+hRNb3W/aTyA9VV/cZWLnR98V+:5D+AznCVNIZ+vNbG/WYWrR98V
TLSH	T1BEC42241EAB7C0F2F65349320103E7BF8F33C9099165D2A6D742F661EDB1B42469E66C
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.32058.LX.BOT.UNOFFICIAL

Sanesecurity.Malware.31951.LX.BOT.UNOFFICIAL

Verdict:

Malicious

Score:

70%

Link:

https://cyber-fortress.com/docs/result/index.php?id=686ff6c8c9eb974737681e9flinux22vpnfull_triage

Tags:

shellcode

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the %temp% directory

Opens a port

Changes access rights for a written file

Sends data to a server

Creating a file

Receives data from a server

Changes the time when the file was created, accessed, or modified

Creates directories

Collects information on the CPU

Launching a process

Connection attempt

DNS request

Locks files

Creating a process from a recently created file

Runs as daemon

Creates or modifies files in /cron to set up autorun

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

exploit gcc rust

Link:

https://www.filescan.io/uploads/686ff6dd80b46be06e9e479c/reports/8163922d-a4b0-4f3a-9035-b3f2113559ac/overview

Verdict:

Malicious

Uses P2P?:

true

Uses anti-vm?:

true

Architecture:

x86

Packer:

custom

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/0a80e0900beccc1856deffc4cd575a78ddba01775bd1d6922dec849b6b556e13

Behaviour

Anti-VM

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

type: 162.159.200.123:123
type: 130.239.18.158:6881
type: 67.215.246.10:6881
type: 73.208.41.226:6881
type: 178.22.197.239:6881
type: 89.179.246.14:6881
type: 188.42.55.92:6881
type: 185.153.44.188:6881
type: 193.233.183.191:6881
type: 107.212.21.41:6881
type: 84.122.119.142:6881
type: 77.106.75.130:6881
type: 31.135.124.94:6881
type: 178.22.193.37:6881
type: 93.123.206.101:6881
type: 193.84.113.165:6881
type: 213.65.186.172:6881
type: 176.193.116.28:6881
type: 176.125.139.123:6881
type: 89.207.71.47:6881
type: 94.198.238.197:6881
type: 87.250.201.28:6881
type: 176.110.255.81:6881
type: 88.10.12.84:6881
type: 88.178.41.139:6881
type: 83.151.205.134:6881
type: 81.3.136.22:6881
type: 108.198.210.246:6881
type: 109.184.202.90:6881
type: 178.193.174.97:6881
type: 218.238.204.234:6881
type: 185.236.203.118:6881
type: 195.234.77.161:6881
type: 81.165.58.145:6881
type: 216.49.34.185:6881
type: 72.220.191.96:6881
type: 54.214.62.31:6881
type: 88.124.202.236:6881
type: 185.84.191.55:6881
type: 31.148.138.20:6881
type: 142.171.58.199:6881
type: 216.241.143.206:6881
type: 54.214.62.55:6881
type: 144.217.72.98:6881
type: 13.58.27.33:6881
type: 80.72.68.81:6881
type: 142.171.125.191:6881
type: 51.15.117.118:6881
type: 35.163.251.58:6881
type: 213.146.140.195:6881
type: 77.106.120.130:6881
type: 18.220.82.190:6881
type: 18.221.7.72:6881
type: 176.176.222.248:6881
type: 80.99.117.199:6881
type: 78.96.107.194:6881
type: 82.194.180.48:6881
type: 18.218.241.3:6881
type: 192.99.3.72:6881
type: 82.168.62.152:6881
type: 188.90.169.20:51413
type: 82.5.154.186:51413
type: 185.141.26.214:51413
type: 84.70.175.7:51413
type: 188.165.240.175:51413
type: 77.225.59.18:51413
type: 117.82.199.139:51413
type: 78.46.40.120:51413
type: 158.69.227.149:51413
type: 176.38.48.33:51413
type: 90.11.42.127:51413
type: 188.32.90.136:51413
type: 87.217.144.23:51413
type: 90.90.75.134:51413
type: 179.9.27.173:21834
type: 45.87.251.11:28127
type: 126.56.193.116:18000
type: 78.154.14.80:48568
type: 130.239.18.158:8508
type: 217.121.231.94:59625
type: 162.251.63.120:10033
type: 130.239.18.158:8524
type: 95.168.162.161:42670
type: 130.239.18.158:8515
type: 183.83.254.39:20347
type: 137.74.95.13:49999
type: 169.150.223.207:15041
type: 45.203.206.46:6880
type: 173.230.130.111:6880
type: 167.172.248.254:8081
type: 176.31.183.108:59197
type: 163.172.96.194:49258
type: 62.210.204.143:21414
type: 5.79.122.80:28013
type: 109.236.83.141:27728
type: 51.210.254.243:11211
type: 178.162.173.76:28005
type: 178.162.174.65:28004
type: 178.162.174.43:28004
type: 46.232.211.167:13109
type: 178.162.173.110:28012
type: 37.27.103.252:50000
type: 62.217.190.135:50000
type: 37.27.117.115:50000
type: 162.55.85.169:50000
type: 37.27.119.244:50000
type: 135.181.227.244:50000
type: 135.181.238.57:50000
type: 37.27.107.125:50000
type: 72.21.17.91:64322
type: 46.232.211.96:25109
type: 178.162.174.163:28003
type: 178.162.173.218:28003
type: 178.162.174.178:28003
type: 51.159.14.182:33893
type: 178.162.173.32:28000
type: 23.94.134.189:6998
type: 144.217.75.141:49160
type: 156.34.19.51:28649
type: 85.243.127.72:48893
type: 81.224.32.71:41513
type: 75.131.42.20:33054
type: 185.183.34.96:6886
type: 81.171.22.85:28016
type: 114.34.138.206:51417
type: 196.39.71.102:31646
type: 178.162.173.67:28007
type: 178.162.174.96:28007
type: 178.162.174.70:28007
type: 78.71.144.25:56242
type: 94.63.62.255:54134
type: 173.225.242.215:3209
type: 70.50.50.39:10868
type: 62.210.85.149:34368
type: 73.199.179.20:29722
type: 101.111.0.186:58485
type: 185.21.217.9:63256
type: 69.197.131.210:24464
type: 216.255.201.199:55756
type: 45.87.251.132:28129
type: 95.94.99.184:55615
type: 178.162.173.89:28008
type: 119.207.45.78:7719
type: 47.55.186.232:56038
type: 178.162.173.231:28001
type: 178.162.174.149:28001
type: 130.239.18.158:8539
type: 178.162.174.222:28014
type: 69.50.95.40:12089
type: 23.158.56.120:16009
type: 39.111.202.5:25699
type: 23.158.56.120:16079
type: 109.201.152.174:37066
type: 1.163.197.107:21488
type: 200.53.195.188:16204
type: 195.154.176.209:8673
type: 70.53.212.236:30840
type: 46.232.210.23:64171
type: 91.177.33.115:48602
type: 200.126.196.98:30629
type: 190.192.218.55:12141
type: 43.251.27.243:19151
type: 89.1.165.139:20887
type: 130.239.18.158:8521
type: 5.79.77.36:58767
type: 181.116.129.32:31793
type: 79.112.1.56:20209
type: 50.39.182.14:35018
type: 79.132.24.50:48839
type: 45.87.250.238:49680
type: 213.108.220.240:37559
type: 185.149.91.51:51068
type: 193.32.16.161:50171
type: 45.231.201.71:19730
type: 88.97.213.109:21140
type: 2.49.252.233:46923
type: 220.72.103.228:32829
type: 51.159.104.68:8025
type: 178.162.173.172:28002
type: 188.165.246.140:53529
type: 82.77.54.58:14082
type: 95.168.168.160:46167
type: 46.232.211.201:58042
type: 95.211.216.138:23835
type: 42.2.133.149:7184
type: 212.231.118.17:13187
type: 185.236.203.118:6882
type: 188.165.201.82:6882
type: 119.147.123.114:6882
type: 178.116.216.45:42667
type: 60.65.162.185:21255
type: 168.227.174.208:2089
type: 118.45.127.197:32917
type: 143.177.203.50:56301
type: 79.131.210.229:39198
type: 45.131.79.64:64068
type: 196.89.163.116:38621
type: 47.162.31.207:6890
type: 143.202.171.142:57818
type: 73.106.184.130:38805
type: 79.184.3.43:50630
type: 175.177.48.47:47146
type: 79.129.240.47:33056
type: 46.149.95.104:15242
type: 88.227.89.191:24497
type: 93.173.113.192:61666
type: 178.244.152.45:19951
type: 109.236.91.11:6888
type: 177.23.118.248:50321
type: 78.83.50.36:45289
type: 54.39.107.165:16481
type: 37.14.0.242:30652
type: 88.97.197.202:65521
type: 84.54.180.41:14836
type: 37.228.212.251:31714
type: 220.82.91.48:57220
type: 217.182.77.243:9527
type: 176.58.227.35:28673
type: 106.220.172.108:2161
type: 188.165.244.171:51760
type: 72.219.157.166:3712
type: 38.25.68.230:62478
type: 149.102.177.189:5881
type: 65.108.143.34:48612
type: 82.155.140.73:4658
type: 220.79.132.20:40819
type: 188.4.57.154:49817
type: 194.29.101.83:10240
type: 54.39.52.64:48853
type: 54.39.52.64:54510
type: 54.38.92.16:28245
type: 37.34.204.195:33527
type: 110.14.50.34:32705
type: 51.159.104.76:7186
type: 161.142.154.56:15232
type: 176.174.99.44:32180
type: 185.21.217.11:58437
type: 86.25.228.94:26581
type: 130.239.18.158:8500
type: 195.201.179.130:16309
type: 162.251.63.78:10089
type: 90.221.4.207:21579
type: 23.158.56.119:10039
type: 23.162.56.55:10025
type: 172.111.38.128:10056
type: 37.48.89.182:49213

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/fe441f9d-36ba-45fb-9c1b-869c57ceebfb

Behavior Graph:

Download SVG

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/7d8297a7-e420-412a-88aa-999dc87d038e

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/0a80e0900beccc1856deffc4cd575a78ddba01775bd1d6922dec849b6b556e13

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/0a80e0900beccc1856deffc4cd575a78ddba01775bd1d6922dec849b6b556e13/

Verdict:

Malicious

Threat:

Linux.Trojan.Multiverze

Link:

https://tip.neiki.dev/file/0a80e0900beccc1856deffc4cd575a78ddba01775bd1d6922dec849b6b556e13

Threat name:

Linux.Trojan.Multiverze

Status:

Malicious

First seen:

2025-07-10 17:22:18 UTC

File Type:

ELF32 Little (Exe)

AV detection:

15 of 23 (65.22%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=bkaobeal5tgbqvw677cm2v22pdo3ualxlpi5nern5scjw22vnyjq._file

Result

Malware family:

n/a

Score:

7/10

Tags:

antivm defense_evasion discovery execution linux persistence privilege_escalation

Link:

https://tria.ge/reports/250710-vxnfmsxtas/

Behaviour

Enumerates kernel/hardware configuration

Reads runtime system information

Writes file to tmp directory

Checks CPU configuration

Checks hardware identifiers (DMI)

Creates/modifies Cron job

Enumerates running processes

Reads MAC address of network interface

Reads hardware information

Renames itself

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/eee36608-34a4-4196-bbdb-e0efbd7df9a2

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.20

Link:

https://yomi.yoroi.company/submissions/0a80e0900beccc1856deffc4cd575a78ddba01775bd1d6922dec849b6b556e13

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 0a80e0900beccc1856deffc4cd575a78ddba01775bd1d6922dec849b6b556e13

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3558224/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample