MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f4bd931a2cc3ca32f92cc6ed3315e79de61b5f09f49105b0e3205e0934ac0d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4f4bd931a2cc3ca32f92cc6ed3315e79de61b5f09f49105b0e3205e0934ac0d6
SHA3-384 hash: 9a158698b1240715831291df1a5a57497f89050247c2620a873045520607f45af3c8a82cc00b685e2fe1e2f59b277871
SHA1 hash: ce46d351ea5f1e992d0fd2ba54ab2819985ae227
MD5 hash: 7f2e0f23b5bc9cf6c6cd9c58d928e191
humanhash: butter-ten-island-black
File name:ecryptfsd
Download: download sample
File size:1'717'152 bytes
First seen:2026-05-17 15:39:35 UTC
Last seen:2026-05-17 22:22:03 UTC
File type: elf
MIME type:application/x-executable
ssdeep 24576:7ZWbJRpniq0fQ72nyqcrXtbU4dsMKO2f6hvVyeGyGmN/sWMe7o0Di2sd9zl5pP0U:7IdRpv7lPd3UNf6SjyZNUWMSb8BILkO0
TLSH T17F8533FF1A62B68A8594DFFF02112C104A6981D6EE079B13F9916378C7544E8BF2CD39
Magika elf
Reporter abuse_ch
Tags:elf UPX
File size (compressed) :1'717'152 bytes
File size (de-compressed) :6'946'995 bytes
Format:linux/mipsel
Unpacked file: e7c0729d0d60f7ee077af9606a4526c094f8c262bb858810c84d74e5b6069ed8

Intelligence

File Origin
# of uploads :
2
# of downloads :
19
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a process from a recently created file
Creating a file in the %temp% subdirectories
Runs as daemon
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
packed upx
Link:
https://www.filescan.io/uploads/6a09e177861ee596e639fe76/reports/c0f1f62a-7a4b-48c6-b84a-5a5770dc4db3/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
mips
Packer:
UPX
Botnet:
unknown
Number of open files:
7
Number of processes launched:
1
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/4f4bd931a2cc3ca32f92cc6ed3315e79de61b5f09f49105b0e3205e0934ac0d6
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2026-05-17T13:57:00Z UTC
Last seen:
2026-05-19T12:12:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/4f4bd931a2cc3ca32f92cc6ed3315e79de61b5f09f49105b0e3205e0934ac0d6/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/b6b36318-3b75-45c6-89f4-df341d477288
Behavior Graph:
Download SVG
%3 guuid=60a9c4a0-1b00-0000-f218-b0bf670b0000 pid=2919 /usr/bin/sudo guuid=ad78c4a2-1b00-0000-f218-b0bf6c0b0000 pid=2924 /tmp/sample.bin guuid=60a9c4a0-1b00-0000-f218-b0bf670b0000 pid=2919->guuid=ad78c4a2-1b00-0000-f218-b0bf6c0b0000 pid=2924 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/79a2b696-0118-4486-99ba-6bcf9be02429
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1914657
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/4f4bd931a2cc3ca32f92cc6ed3315e79de61b5f09f49105b0e3205e0934ac0d6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4f4bd931a2cc3ca32f92cc6ed3315e79de61b5f09f49105b0e3205e0934ac0d6/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2026-05-17 15:40:54 UTC
File Type:
ELF32 Little (Exe)
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=j5f5smnczq6kgl4szrxngmk6phpgdnpqt5erawyogic6be2kydla._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery upx
Link:
https://tria.ge/reports/260517-s325waet2j/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/4f4bd931a2cc3ca32f92cc6ed3315e79de61b5f09f49105b0e3205e0934ac0d6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 4f4bd931a2cc3ca32f92cc6ed3315e79de61b5f09f49105b0e3205e0934ac0d6

(this sample)

elf e7c0729d0d60f7ee077af9606a4526c094f8c262bb858810c84d74e5b6069ed8

  
URLhaus
https://urlhaus.abuse.ch/url/3848857/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 e7c0729d0d60f7ee077af9606a4526c094f8c262bb858810c84d74e5b6069ed8
  
Dropping
MD5 b55a9dd697f85f05b6f68608c5336858

Comments