MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 214b4b60c9bbeab17f68bf41e8aae76170c2bd3647659916537eb7bf65ca7879. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Kinsing


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 214b4b60c9bbeab17f68bf41e8aae76170c2bd3647659916537eb7bf65ca7879
SHA3-384 hash: e29ed4ad67e15987a0c5264394d6cb3927ceb1e61f9742f0177b34ef3f8d663c3b6f3547e5d97642703603f48d2641d0
SHA1 hash: 8ac60253ab92c90106faddfa438371e8bbb365eb
MD5 hash: a6415654a289d4e2a7793f1463738696
humanhash: item-crazy-mountain-minnesota
File name:kinsing_aarch64
Download: download sample
Signature Kinsing
Create hunting rule
File size:459'992 bytes
First seen:2026-01-05 12:43:50 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 12288:Sld0eWZ3vWpZPXBQSHka4yegeNMok2/saPS/9HIBirkh7pNCDhGtrGGNy8uCg9Us:Sld0B3vWrPXBQSH14vgeNMok2/saPS/9
TLSH T18AA40751BDBFB453D6CEF6357731A6D9302F7284D0A1A035CAE1CA9846F5BA88E13132
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf Kinsing

Intelligence

File Origin
# of uploads :
1
# of downloads :
48
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/695bb21a148c21e830f072ea/reports/b7059dca-d7e9-4929-bc0b-466808e12655/overview
Verdict:
Unknown
File Type:
elf.64.le
First seen:
2026-01-05T13:15:00Z UTC
Last seen:
2026-01-05T13:27:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/214b4b60c9bbeab17f68bf41e8aae76170c2bd3647659916537eb7bf65ca7879/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/f815788b-f544-4a32-9ddd-fd8989f9dff7
Behavior Graph:
Download SVG
%3 guuid=c87c0aa7-1a00-0000-0b10-c345c00a0000 pid=2752 /usr/bin/sudo guuid=8e4e87aa-1a00-0000-0b10-c345c40a0000 pid=2756 /tmp/sample.bin guuid=c87c0aa7-1a00-0000-0b10-c345c00a0000 pid=2752->guuid=8e4e87aa-1a00-0000-0b10-c345c40a0000 pid=2756 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/4af37e45-02ff-4e51-8c94-578530e68197
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/1844858
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/214b4b60c9bbeab17f68bf41e8aae76170c2bd3647659916537eb7bf65ca7879
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/214b4b60c9bbeab17f68bf41e8aae76170c2bd3647659916537eb7bf65ca7879/
Threat name:
Linux.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-01-05 12:44:24 UTC
File Type:
ELF64 Little (Exe)
AV detection:
5 of 24 (20.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=effuwygjxpvlc73ix5a6rkxhmfymfpjwi5szsfstp2336zokpb4q._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260106-g9mszsdx6d/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/24650fda-21d2-490b-99be-f6a6884a20ab
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.80
Link:
https://yomi.yoroi.company/submissions/214b4b60c9bbeab17f68bf41e8aae76170c2bd3647659916537eb7bf65ca7879

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Kinsing

elf 214b4b60c9bbeab17f68bf41e8aae76170c2bd3647659916537eb7bf65ca7879

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3749961/
  
Delivery method
Distributed via web download

Comments