MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6775ad82c2fc4df72d91b8e1dcb8699f445fe4bf460f39d0b9bf2d12d590d65f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6775ad82c2fc4df72d91b8e1dcb8699f445fe4bf460f39d0b9bf2d12d590d65f
SHA3-384 hash: db4ad4114c4c98a2294bb7bee4969c9b76837e82a2f63bd7e060a0d986d63ef5389d1e6766416fb7f4fcc6aac5fee44c
SHA1 hash: 335b41ff80b37178b9380d8b1e6b726649064363
MD5 hash: da926cefa9320f6655e6af83f2a91cdb
humanhash: river-lemon-timing-william
File name:kinsing_aarch64
Download: download sample
File size:2'405'237 bytes
First seen:2026-02-01 07:59:46 UTC
Last seen:2026-02-01 08:49:48 UTC
File type: elf
MIME type:application/x-executable
ssdeep 49152:Slds3UPXBQSH14vZh7pIDhG9By8uCGUGan5UPiK/K5F7XlzcKGYH0ye8nanVFfll:Slds3UPXBQSH14vZh7pIDhG9By8uCGUw
TLSH T1F7B5E7617C7E7553EACCB6347761A2ED302E76C5D9E090369EA0CEA985F0B54CE23432
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
2
# of downloads :
104
Origin country :
DE DE
Vendor Threat Intelligence
Gathering data
Detection(s):
SecuriteInfo.com.Trojan.Linux.GenericKD.70456.31042.18518.UNOFFICIAL
Create hunting rule

Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/697f0831930564ff3c818b0c/reports/cfc20cfd-c850-4f13-b391-8f75358fb939/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/6775ad82c2fc4df72d91b8e1dcb8699f445fe4bf460f39d0b9bf2d12d590d65f
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Unknown
File Type:
elf.64.le
First seen:
2026-02-01T05:50:00Z UTC
Last seen:
2026-02-01T05:52:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/6775ad82c2fc4df72d91b8e1dcb8699f445fe4bf460f39d0b9bf2d12d590d65f/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/1cd2c442-87a8-42f9-9539-4a61f63250d8
Behavior Graph:
Download SVG
%3 guuid=19616de5-1900-0000-72a6-fe4ae9090000 pid=2537 /usr/bin/sudo guuid=de530ee8-1900-0000-72a6-fe4af1090000 pid=2545 /tmp/sample.bin guuid=19616de5-1900-0000-72a6-fe4ae9090000 pid=2537->guuid=de530ee8-1900-0000-72a6-fe4af1090000 pid=2545 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/bd0a7184-0dc9-4349-b3b6-bfba9b8b8515
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1861180
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/6775ad82c2fc4df72d91b8e1dcb8699f445fe4bf460f39d0b9bf2d12d590d65f
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6775ad82c2fc4df72d91b8e1dcb8699f445fe4bf460f39d0b9bf2d12d590d65f/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2026-02-01 08:00:53 UTC
File Type:
ELF64 Little (Exe)
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=m5223awc7rg7olmrxdq5zodjt5cf7zf7iyhttufzx4wrfvmq2zpq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260201-jwbvnset4b/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/6775ad82c2fc4df72d91b8e1dcb8699f445fe4bf460f39d0b9bf2d12d590d65f

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 6775ad82c2fc4df72d91b8e1dcb8699f445fe4bf460f39d0b9bf2d12d590d65f

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3749961/
  
Delivery method
Distributed via web download

Comments