MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4b1ed08fb22619db0cb275baab7ae4c29ec0f99a0769406cc02343212447db3e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

SHA256 hash:	4b1ed08fb22619db0cb275baab7ae4c29ec0f99a0769406cc02343212447db3e
SHA3-384 hash:	4c48fd53b3554736addb918772b0d7fa62fadd5b2f3decbc4e48208f27b4397eaa5b18d1e26f50baa01d33eccfed5ad1
SHA1 hash:	ef77c2fb94519f1aae46697989f93cd7c1873f16
MD5 hash:	f4e2ff7535140ab51faf8548562cd7ee
humanhash:	helium-massachusetts-magazine-april
File name:	app2
Download:	download sample
Signature	CoinMiner Alert Create hunting rule
File size:	2'968'780 bytes
First seen:	2026-02-02 06:29:31 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	49152:CeYLwBBIaFzS1lJydoUi8mmOf8cLqDamlNi+iCeokgxzUCSlunTbXtLECIjSYE:CeYmBiSoUi8mzkcLeDe+iCogqVstICIo
TLSH	T17DD53305D55CAC856B73E0208404161532ABD16A2CEF2DF460BDCDAFAD82D07EFA7EC9
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	CoinMiner elf

Intelligence

---

File Origin

# of uploads :

1

# of downloads :

99

Origin country :

DE

Vendor Threat Intelligence

ACCE

Gathering data

FileScan.IO Unknown

Verdict:

Unknown

Threat level:

  0/10

Confidence:

100%

Link:

https://www.filescan.io/uploads/6980448fb6bd365f0a69b37f/reports/e33a6c29-2a09-4e5a-b41e-2f4aa488737b/overview

InQuest

Result

Gathering data

Kunai Sandbox

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/2dd56d2f-e716-4716-bec0-608f2414ab5f

Behavior Graph:

Download SVG

Intezer Unknown

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/7fe260d1-c74f-4fe7-ba34-5593972d1978

Joe Sandbox malicious

Result

Threat name:

n/a

Detection:

malicious

Classification:

evad

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1861418

Signature

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Sample deletes itself

Behaviour

Behavior Graph:

Download SVG

Nucleon Malprob Malware

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/4b1ed08fb22619db0cb275baab7ae4c29ec0f99a0769406cc02343212447db3e

CERT.PL MWDB

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4b1ed08fb22619db0cb275baab7ae4c29ec0f99a0769406cc02343212447db3e/

ReversingLabs TitaniumCloud Linux.Trojan.Multiverze

Threat name:

Linux.Trojan.Multiverze

Alert

Create hunting rule

Status:

Malicious

First seen:

2026-02-02 06:30:59 UTC

File Type:

ELF64 Little (Exe)

AV detection:

7 of 36 (19.44%)

Threat level:

  5/5

Spamhaus Hash Blocklist Suspicious file

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jmpnbd5seym5wdfsow5kw6xeykpmb6m2a5uua3gaenbscjch3m7a._file

Hatching Triage xmrig

Result

Malware family:

xmrig

Alert

Create hunting rule

Score:

  10/10

Tags:

family:xmrig antivm defense_evasion discovery execution linux miner persistence privilege_escalation upx

Link:

https://tria.ge/reports/260202-g9txasgt5h/

Behaviour

Command and Scripting Interpreter: Unix Shell

Enumerates kernel/hardware configuration

Reads runtime system information

Checks CPU configuration

Reads CPU attributes

Modifies Bash startup script

UPX packed file

Checks hardware identifiers (DMI)

Creates/modifies Cron job

Creates/modifies environment variables

Enumerates running processes

Reads hardware information

Reads list of loaded kernel modules

Deletes itself

Executes dropped EXE

XMRig Miner payload

Xmrig family

xmrig

VirusTotal

Please note that we are no longer able to provide a coverage score for Virus Total.

YOROI YOMI Legit

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/4b1ed08fb22619db0cb275baab7ae4c29ec0f99a0769406cc02343212447db3e