MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 515812a0d0c1b4e089eaa40b12d1f223d38c4486813865beddc806962989573f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 515812a0d0c1b4e089eaa40b12d1f223d38c4486813865beddc806962989573f
SHA3-384 hash: 2fed3e1c2750b9ce778a0d71e50571aabd47b48a3f5828e3cffa061869aa0c63bdbb5c4fed1b41bf70cc6aef4780341f
SHA1 hash: a0a53bfea9f1abe387f8d04b9b651439a466b679
MD5 hash: 9e0a5d839a8a69f178365fd71c961f4a
humanhash: zebra-thirteen-zulu-fourteen
File name:bizy.arm6
Download: download sample
File size:1'049'071 bytes
First seen:2026-02-14 13:19:59 UTC
Last seen:2026-02-14 14:23:12 UTC
File type: elf
MIME type:application/x-executable
ssdeep 24576:VC3SCD5aVjKXpb9KyHK7nIgJtTpYIHzpquVF2TFl2w4rnglV6M:VTCNmjK5bBKLIgJtTWWz48F25l2w4rnM
TLSH T17C25339CF8DF7C62D7EF88DAF34A13894703EC5CC954D8D321232A71B121E68AE26559
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
2
# of downloads :
31
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
masquerade
Link:
https://www.filescan.io/uploads/699076962ffccda0976fb8a9/reports/5e155f18-9a29-478d-ac27-18d182a6c7c3/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
custom
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/515812a0d0c1b4e089eaa40b12d1f223d38c4486813865beddc806962989573f
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Gathering data
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/75aa37d3-672e-4e28-8cc7-db677860b239
Behavior Graph:
Download SVG
%3 guuid=c0f625e7-1700-0000-22fc-ad37ca0b0000 pid=3018 /usr/bin/sudo guuid=252f77e9-1700-0000-22fc-ad37d30b0000 pid=3027 /tmp/sample.bin guuid=c0f625e7-1700-0000-22fc-ad37ca0b0000 pid=3018->guuid=252f77e9-1700-0000-22fc-ad37d30b0000 pid=3027 execve
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/10c38a65-e5c1-49a3-8715-2c46868a87bc
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1869517
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1869517 Sample: bizy.arm6.elf Startdate: 14/02/2026 Architecture: LINUX Score: 48 14 169.254.169.254, 80 USDOSUS Reserved 2->14 16 109.202.202.202, 80 INIT7CH Switzerland 2->16 18 3 other IPs or domains 2->18 20 Multi AV Scanner detection for submitted file 2->20 6 python3.8 dpkg 2->6         started        8 dash rm 2->8         started        10 dash cut 2->10         started        12 9 other processes 2->12 signatures3 process4
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/515812a0d0c1b4e089eaa40b12d1f223d38c4486813865beddc806962989573f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/515812a0d0c1b4e089eaa40b12d1f223d38c4486813865beddc806962989573f/
Threat name:
Linux.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-02-14 13:20:34 UTC
File Type:
ELF32 Little (Exe)
AV detection:
5 of 36 (13.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=kfmbfigqyg2obcpkuqfrfupsepjyyregqe4glpw5zadjmkmjk47q._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
upx
Link:
https://tria.ge/reports/260214-qlam7acz6g/
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 515812a0d0c1b4e089eaa40b12d1f223d38c4486813865beddc806962989573f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3720810/
  
Delivery method
Distributed via web download

Comments