MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6f05e0818ca6375d0fcc9fae96d16a7a979bdf8d4f85df652654e11c2ca21249. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Ladvix

Vendor detections: 11

SHA256 hash: 6f05e0818ca6375d0fcc9fae96d16a7a979bdf8d4f85df652654e11c2ca21249
SHA3-384 hash: 8d3d6412654c3abb9577cc29029d05d1aeae34e9acdbcca689f85b2d64950993063ea27338ab974547bc292300a14f1c
SHA1 hash: aae69bb3c738fe2488a0b2fff28e4b677592d175
MD5 hash: 8b52820dd085bd5d8efa6570862e000e
humanhash: football-orange-cup-harry
File name: boss
Signature: Ladvix
File size: 2'391'513 bytes
First seen: 2026-06-17 08:01:08 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 49152:Jv+UKkhbC5+b30qpW9ZlUIyoVWPR+tWTl3Ad7M+y:J25ViRX3AZMP
TLSH: T1A7B57C077CE119AAC0AA93328DB651A2BBB1FC490B7123D72E50B3782F727D45E35794
telfhash: t1952362416ce71e9a19c61367bc381ad613afe04f086a75296f64c37029eb08c553fb7e
gimphash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
TrID: 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
      49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika: elf
Reporter: abuse_ch
Tags: elf Ladvix

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: DE
Vendor Threat Intelligence
No detections
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file
Collects information on the OS
Changes the time when the file was created, accessed, or modified
Creating a file in the %temp% directory
Sends data to a server
Receives data from a server
Collects information on the CPU
Removes directories
Locks files
Deletes a file
Connection attempt
Launching a process
Manages services
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: base64 bash golang lolbin reconnaissance
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: x86
Packer: custom
Botnet: unknown
Number of open files: 10
Number of processes launched: 6
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour
Persistence
Botnet C2s
TCP botnet C2(s): not identified
UDP botnet C2(s): not identified
Verdict: Adware
File Type: elf.64.le
First seen: 2026-06-09T03:26:00Z UTC
Last seen: 2026-06-09T05:40:00Z UTC
Hits: ~10
Detections: not-a-virus:HEUR:Downloader.Linux.Agent.gen
Status: terminated
Behavior Graph:
Result
Threat name: Ladvix, Xmrig
Detection: malicious
Classification: troj.evad.mine
Score: 100 / 100
Signature
Antivirus detection for dropped file
Deletes system log files
Detected Stratum mining protocol
Drops files in suspicious directories
Executes the "crontab" command typically for achieving persistence
Executes the "iptables" command to insert, remove and/or manipulate rules
Found strings related to Crypto-Mining
Found Tor onion address
Malicious sample detected (through community Yara rule)
Modifies the '.bashrc' or '.bash_profile' file typically for persisting actions
Protects files from modification
Sample deletes itself
Sample reads /proc/mounts (often used for finding a writable filesystem)
Sample tries to persist itself using cron
Sample tries to set files in /etc globally writable
Tries to load the MSR kernel module used for reading/writing to CPUs model specific register
Writes to CPU model specific registers (MSR) (e.g. miners improve performance by disabling HW prefetcher)
Yara detected Ladvix
Yara detected Xmrig cryptocurrency miner
Behaviour
Behavior Graph:
Result
Malware family:
Score: 10/10
Tags: family:ladvix defense_evasion discovery execution infector linux persistence privilege_escalation trojan
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
System Network Configuration Discovery
Writes file to tmp directory
Changes its process name
Reads CPU attributes
Creates/modifies Cron job
Deletes log files
Enumerates running processes
Modifies systemd
Write file to user bin folder
Writes file to system bin folder
File and Directory Permissions Modification
Executes dropped EXE
Family: Ladvix
Please note that we are no longer able to provide a coverage score for VirusTotal.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: CP_Script_Inject_Detector
Author: DiegoAnalytics
Description: Detects attempts to inject code into another process across PE, ELF, Mach-O binaries

Rule name: DetectGoMethodSignatures
Author: Wyatt Tauber
Description: Detects Go method signatures in unpacked Go binaries

Rule name: Detect_Go_GOMAXPROCS
Author: Obscurity Labs LLC
Description: Detects Go binaries by the presence of runtime.GOMAXPROCS in the runtime metadata

Rule name: F01_s1ckrule
Author: s1ckb017

Rule name: GoBinTest

Rule name: golang

Rule name: golang_binary_string
Description: Golang strings present

Rule name: golang_duffcopy_amd64

Rule name: Golang_Find_CSC846
Author: Ashar Siddiqui
Description: Find Go Signatures

Rule name: Golang_Find_CSC846_Simple
Author: Ashar Siddiqui
Description: Find Go Signatures

Rule name: identity_golang
Author: Eric Yocam
Description: find Golang malware

Rule name: ProgramLanguage_Golang
Author: albertzsigovits
Description: Application written in Golang programming language

Rule name: Suspicious_Golang_Binary
Author: Tim Machac
Description: Triage: Golang-compiled binary with suspicious OS/persistence/network strings (not family-specific)

Rule name: TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Author: CYFARE
Description: Generic Linux malware mass-hunt rule - 2026
Reference: https://cyfare.net/

Rule name: unixredflags3
Author: Tim Brown @timb_machine
Description: Hunts for UNIX red flags

File information
The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Ladvix
elf 6f05e0818ca6375d0fcc9fae96d16a7a979bdf8d4f85df652654e11c2ca21249 (this sample)

Delivery method: Distributed via web download

Comments