MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 8


Intelligence 8 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04
SHA3-384 hash: 6cb2085a22ae16b4b06ad96c0b75d929ac90a449306916afc98c8831d081bdc35d3c0daf91117b95a01d4ace46e27656
SHA1 hash: 714a3e45bf364bfb2ae6914663bef48d18412d1b
MD5 hash: f3ce5cf045783c8c25aeff93e472cda1
humanhash: sierra-ohio-arizona-snake
File name:SecuriteInfo.com.Linux.Siggen.6241.1353.32119
Download: download sample
File size:878'824 bytes
First seen:2024-01-19 09:34:56 UTC
Last seen:2024-02-04 04:23:40 UTC
File type: elf
MIME type:application/x-sharedlib
ssdeep 24576:aR4f424TMgHBwOmA8vzHhyKD7PAzRDLZUaWX:aR4xzgHVmAIHhnD7IR+aWX
TLSH T145154B07FDA204BDD9B9C834861EA273F639B85C421176377BD85B302E25A20DF2DB95
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter SecuriteInfoCom
Tags:elf

Intelligence

File Origin
# of uploads :
2
# of downloads :
125
Origin country :
FR FR
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Siggen.6241.1353.32119.UNOFFICIAL
Create hunting rule

Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
expand lolbin remote
Link:
https://www.filescan.io/uploads/65aa424f94d1aebfb2a653ec/reports/6c8e2253-2abc-4adc-b431-118085301055/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
not packed
Botnet:
abode-dashboard-media.s3.ap-south-1.amazonaws.com
Number of open files:
3
Number of processes launched:
2
Processes remaning?
true
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04
Behaviour
Process Renaming
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Verdict:
MALICIOUS
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/cde07f16-3ef2-4447-8e41-6f6ea3ad60eb
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1377315
Signature
Multi AV Scanner detection for submitted file
Sample deletes itself
Behaviour
Behavior Graph:
Download SVG
Score:
16%
Verdict:
Benign
File Type:
ELF
Link:
https://malprob.io/report/47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2024-01-19 09:33:34 UTC
File Type:
ELF64 Little (SO)
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=i77qv2jcbie37ljkf6y6f6rmr77f5hfqiztenyvjicwc4dhvluca._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
linux
Link:
https://tria.ge/reports/240119-lkcnyabbdq/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Changes its process name
Deletes itself
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:enterpriseapps2
Create hunting rule
Author:Tim Brown @timb_machine
Description:Enterprise apps
Rule name:Rustyloader_mem_loose
Create hunting rule
Author:James_inthe_box
Description:Corroded buerloader
Reference:https://app.any.run/tasks/83064edd-c7eb-4558-85e8-621db72b2a24
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 47ff0ae9220a09bfad2a2fb1e2fa2c8ffe5e9cb0466646e2a940ac2e0cf55d04

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/2749474/
  
Delivery method
Distributed via web download

Comments