MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0b589f65dd54849620523a9ca963884fb865fd98f5f2ab33d9bbff196e14c873. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 5


Intelligence 5 IOCs YARA 11 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 0b589f65dd54849620523a9ca963884fb865fd98f5f2ab33d9bbff196e14c873
SHA3-384 hash: c329861ad7d6b6cda4d235b30f4b3b0b72e98bcf72a8b7abf0e0e2f1a99f3ecf90ba6722a19496677558d4ecf0ec7da5
SHA1 hash: e261e420b09e14ee5598b0ad8033e49e4b5849c5
MD5 hash: 9ca59b90eb1d1bd8800e3124526d5a30
humanhash: delta-tango-coffee-finch
File name:node
Download: download sample
File size:2'503'809 bytes
First seen:2025-12-08 21:56:22 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 24576:L5UrB7hxCATTSjAy9o0jzggWhQskYoOpFdKGIT5iUcwdXhZht0uoylyUIHAqFV:O17DCATmF/ggaQsF8GITZRR0uoXBV
TLSH T149C55B92FCD219FAC1BEB1328AE16B517B31B469476373D71F501AAE0A19FD86D39300
telfhash t12c43fb0c5cf11a452ac98be7dc701cc4637ad21e01a93896ad68d33d99ed2cd1db6b1f
gimphash 2b09aab40ab996d9183cac8e51e0f45a43dece82784e4a6aeec29b159f137ca0
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 d50019ac17c075f5a294b17e398775f7d77671eb9d3bed5f9ef4bc4771a39b0c
File size (compressed) :1'283'072 bytes
File size (de-compressed) :2'503'809 bytes
Format:linux/amd64
Packed file: d50019ac17c075f5a294b17e398775f7d77671eb9d3bed5f9ef4bc4771a39b0c

Intelligence

File Origin
# of uploads :
1
# of downloads :
37
Origin country :
NL NL
Vendor Threat Intelligence
No detections
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
crypt golang obfuscated
Link:
https://www.filescan.io/uploads/693749b6bba50eaf0427f231/reports/1b7a64aa-32fd-4f5d-8de3-a49de2951d1f/overview
Verdict:
Unknown
File Type:
elf.64.le
Link:
https://opentip.kaspersky.com/0b589f65dd54849620523a9ca963884fb865fd98f5f2ab33d9bbff196e14c873/results?tab=lookup
Gathering data
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
0 / 100
Link:
https://www.joesandbox.com/analysis/1829172
Behaviour
Behavior Graph:
n/a
Score:
95%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/0b589f65dd54849620523a9ca963884fb865fd98f5f2ab33d9bbff196e14c873
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/0b589f65dd54849620523a9ca963884fb865fd98f5f2ab33d9bbff196e14c873/
Threat name:
Linux.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2023-01-04 14:01:46 UTC
File Type:
ELF64 Little (Exe)
AV detection:
5 of 38 (13.16%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=bnmj6zo5kscjmicshkoksy4ij64gl7my6xzkwm6zxp7rs3quzbzq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery linux
Link:
https://tria.ge/reports/251208-1t1jpahl8v/
Behaviour
Enumerates kernel/hardware configuration
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/f52b04ad-daf6-4791-91a1-545b226c7352
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.29
Link:
https://yomi.yoroi.company/submissions/0b589f65dd54849620523a9ca963884fb865fd98f5f2ab33d9bbff196e14c873

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectGoMethodSignatures
Create hunting rule
Author:Wyatt Tauber
Description:Detects Go method signatures in unpacked Go binaries
Rule name:Detect_Go_GOMAXPROCS
Create hunting rule
Author:Obscurity Labs LLC
Description:Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata
Rule name:enterpriseunix2
Create hunting rule
Author:Tim Brown @timb_machine
Description:Enterprise UNIX
Rule name:GoBinTest
Create hunting rule
Rule name:golang
Create hunting rule
Rule name:golang_binary_string
Create hunting rule
Description:Golang strings present
Rule name:golang_duffcopy_amd64
Create hunting rule
Rule name:identity_golang
Create hunting rule
Author:Eric Yocam
Description:find Golang malware
Rule name:ProgramLanguage_Golang
Create hunting rule
Author:albertzsigovits
Description:Application written in Golang programming language
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

375f69563dfaac29d44378f401ed3bc6

elf d50019ac17c075f5a294b17e398775f7d77671eb9d3bed5f9ef4bc4771a39b0c

elf 0b589f65dd54849620523a9ca963884fb865fd98f5f2ab33d9bbff196e14c873

(this sample)

  
Dropped by
SHA256 d50019ac17c075f5a294b17e398775f7d77671eb9d3bed5f9ef4bc4771a39b0c
  
Dropped by
MD5 26d3b38dcc8e9e4d28ba24f5dfbcb790

Comments