MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 34c8d2216dd1d4e016d8a8fe498dbd4141270b24982e2a5067bf9fe4287c0030. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 2 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 34c8d2216dd1d4e016d8a8fe498dbd4141270b24982e2a5067bf9fe4287c0030
SHA3-384 hash: 4764806fa714b63d43e606a250ee48dcb063407cf7684b76eddb8496384e6aa6ef5db23098080874cf62390d9bcbff8e
SHA1 hash: 029a4efb3265acd7cac8405eb60cb5c1b5c9dfc0
MD5 hash: da435b468388da710589e5caf644cbea
humanhash: may-nuts-maryland-sink
File name:34c8d2216dd1d4e016d8a8fe498dbd4141270b24982e2a5067bf9fe4287c0030
Download: download sample
File size:41'216 bytes
First seen:2026-06-26 16:28:15 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:GfI4zlmuIruFUZ+47HU49oc2UIFCPI1St0MLjcHVXIbJ3GA:ABEZ57049bI8PGQDLoVXIkA
TLSH T15703F1946FB047CBC985AC3E0E9C2739E7B95602BB01503183E45229D773CD2E6B73A6
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter c2hunter
Tags:elf wraith

Intelligence

File Origin
# of uploads :
1
# of downloads :
61
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Unix.Dropper.Coinminer-7640564-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
dropper
Link:
https://www.filescan.io/uploads/6a3ea8a761566961a57488da/reports/70918715-3e66-4cf5-ba8b-fb98e44e9e57/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
UPX
Botnet:
unknown
Number of open files:
0
Number of processes launched:
1
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/34c8d2216dd1d4e016d8a8fe498dbd4141270b24982e2a5067bf9fe4287c0030
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/4ab6c008-60aa-4db0-860a-03b7d4329112
Behavior Graph:
Download SVG
%3 guuid=d6e2ec4f-1900-0000-ed06-c26f2d140000 pid=5165 /usr/bin/sudo guuid=eec9aa52-1900-0000-ed06-c26f2e140000 pid=5166 /tmp/sample.bin guuid=d6e2ec4f-1900-0000-ed06-c26f2d140000 pid=5165->guuid=eec9aa52-1900-0000-ed06-c26f2e140000 pid=5166 execve
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/c3d06015-97df-41a7-9c60-ac7978152696
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/34c8d2216dd1d4e016d8a8fe498dbd4141270b24982e2a5067bf9fe4287c0030
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/34c8d2216dd1d4e016d8a8fe498dbd4141270b24982e2a5067bf9fe4287c0030/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/34c8d2216dd1d4e016d8a8fe498dbd4141270b24982e2a5067bf9fe4287c0030
Threat name:
Linux.Trojan.Egairtigado
Create hunting rule
Status:
Malicious
First seen:
2026-06-26 16:29:43 UTC
File Type:
ELF32 Big (Exe)
AV detection:
7 of 36 (19.44%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=gteneiln2hkoafwyvd7etdn5ifasoczetaxcuudhx6p6ikd4aaya._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
upx
Link:
https://tria.ge/reports/260626-tysajsdt9m/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/34c8d2216dd1d4e016d8a8fe498dbd4141270b24982e2a5067bf9fe4287c0030

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Packer_Patched_UPX_62e11c64
Create hunting rule
Author:Elastic Security
Reference:https://cujo.com/upx-anti-unpacking-techniques-in-iot-malware/
Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments