MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 198a0922f19f098abb5800a89f581aab8021e74d7b824156a3027b7f3c0e7048. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

GetShell

Vendor detections: 13

Intelligence 13 IOCs YARA 1 File information Comments

SHA256 hash:	198a0922f19f098abb5800a89f581aab8021e74d7b824156a3027b7f3c0e7048
SHA3-384 hash:	ed2267e4fbfb34e813ae32973e3f86e81bccb7e824e1809665ddca4da4f0f22e0a237caa13354ed1cc19a2704f027665
SHA1 hash:	8646c9862404a1d6090e9e883b9f6f2c53674d22
MD5 hash:	1910f33ae648a237376a60c76f2bd61a
humanhash:	golf-eleven-uncle-pip
File name:	x864433.elf
Download:	download sample
Signature	GetShell Create hunting rule
File size:	207 bytes
First seen:	2025-01-09 11:34:26 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	3:Bkkk/tMlwXll/O/slrCs4X1lFrSwfOHuuIM8IPNioOHyUvwGcVt6fE2:Btk/tMl//E2s4COuIKQXSEwhVYfE2
TLSH	T18BD08041C1529143C07CDA3975146F5F1724C22B81501F6623D56BC8CCEA9540E31F14
Magika	elf
Reporter	Joker
Tags:	backdoor elf Getshell malware trojan

Intelligence

File Origin

# of uploads :

# of downloads :

139

Origin country :

Vendor Threat Intelligence

Detection(s):

Unix.Backdoor.Metasploit-10021646-0

Verdict:

Malicious

Score:

95.7%

Link:

https://cyber-fortress.com/docs/result/index.php?id=677fb56cffdcee13ec8896eclinux22vpnfull_triage

Tags:

virus shell

Result

Verdict:

Malware

Maliciousness:

Behaviour

Connection attempt

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/677fb46a2c5819f62e5b2c20/reports/400b576c-5133-4320-b7cf-42e7d3d999c7/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

x86

Packer:

UPX

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/198a0922f19f098abb5800a89f581aab8021e74d7b824156a3027b7f3c0e7048

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Malware family:

Meterpreter

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b2e645db-b16e-4a1e-858a-476d0a005a4d

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/1586621

Signature

Antivirus / Scanner detection for submitted sample

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/198a0922f19f098abb5800a89f581aab8021e74d7b824156a3027b7f3c0e7048

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/198a0922f19f098abb5800a89f581aab8021e74d7b824156a3027b7f3c0e7048/

Threat name:

Linux.Backdoor.GetShell

Status:

Malicious

First seen:

2025-01-09 11:35:04 UTC

File Type:

ELF32 Little (Exe)

AV detection:

18 of 24 (75.00%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=dgfasixrt4eyvo2yacuj6wa2voacdz2npobecvvdaj5x6paoobea._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/250109-np1bxaynas/

Verdict:

Malicious

Tags:

trojan shellcode Unix.Backdoor.Metasploit-10021646-0

YARA:

Linux_Trojan_Getshell_98d002bf stager_sock_reverse_create_socket_x86 stager_sock_reverse_try_connect_x86 stager_sock_reverse_mprotect_x86 stager_sock_reverse_failed_x86

Link:

https://app.threat.zone/submission/9d77b289-4ea2-4c51-afda-8d97c26336c1

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Getshell

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/198a0922f19f098abb5800a89f581aab8021e74d7b824156a3027b7f3c0e7048

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	Linux_Trojan_Getshell_98d002bf Create hunting rule
Author:	Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

GetShell

elf 198a0922f19f098abb5800a89f581aab8021e74d7b824156a3027b7f3c0e7048

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3395020/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample