MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7063a1aee07f59809280127167b76d05329bb4e890a2f2962dae0639b6b725cc. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 7063a1aee07f59809280127167b76d05329bb4e890a2f2962dae0639b6b725cc
SHA3-384 hash: fb65f56678c7742bed965db8c76dcebc4662926d00431366f9dcce7fb197ee059121d741a1e4bda2a10811cc71b13b46
SHA1 hash: ca99e8d186617245334ad85b1d439a8b4e19c2aa
MD5 hash: ddff7b344f525aed6105dff2ebf1329c
humanhash: harry-sixteen-oklahoma-glucose
File name: etmzaya.arm7
File size: 803'353 bytes
First seen: 2026-05-14 21:56:15 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 12288:8vn0wZ9AbZB9odmONNbMbZGqu8CIa9M+2tN+e3bbkjZHKX2bhaw:8v5Z9WBbONNwbIq6Iam+e3b4jZHC2l
TLSH: T1FE05CE6AF8429951C4C525BAF63EC6DC734787BCC3DA3219ED16CA3539CF8584E38A84
telfhash: t128f00cbd63660a9cb3e38201c5e3152d48ae3621af017132cf584b7f0ca4dc1b888c30
Magika: elf
Reporter: abuse_ch
Tags: elf

Intelligence


File Origin
# of uploads: 1
# of downloads: 40
Origin country: DE
Vendor Threat Intelligence
No detections
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file
Receives data from a server
Connection attempt
Sends data to a server
Changes access rights for a file
Creating a process from a recently created file
Launching a process
Creating a file in the %temp% directory
Deleting a recently created file
Runs as daemon
Changes access rights for a written file
Sets a written file as executable
Changes the time when the file was created, accessed, or modified
Traces processes
Substitutes an application name
Creates or modifies files in /cron to set up autorun
Deletes a system binary file
Creates or modifies files in /init.d to set up autorun
Deleting of the original file
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: gcc masquerade rust
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: arm
Packer: custom
Botnet: unknown
Number of open files: 0
Number of processes launched: 0
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s): not identified
UDP botnet C2(s): not identified
Status: terminated
Behavior Graph: /usr/bin/sudo (pid=2796) -> execve -> /tmp/sample.bin (pid=2801)
Result
Threat name: n/a
Detection: clean
Classification: n/a
Score: 1 / 100
Behaviour
Behavior Graph: n/a
Threat name: Linux.Trojan.Multiverze
Status: Malicious
First seen: 2026-05-14 21:59:52 UTC
File Type: ELF32 Little (Exe)
AV detection: 9 of 24 (37.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: credential_access defense_evasion discovery execution persistence privilege_escalation
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Changes its process name
Reads process memory
Creates/modifies Cron job
Enumerates running processes
Modifies init.d
Reads MAC address of network interface
Deletes itself
Executes dropped EXE
Traces itself
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: enterpriseapps2
Author: Tim Brown @timb_machine
Description: Enterprise apps

Rule name: linux_generic_ipv6_catcher
Author: @_lubiedo
Description: ELF samples using IPv6 addresses

Rule name: ProgramLanguage_Rust
Author: albertzsigovits
Description: Application written in Rust programming language

Rule name: TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Author: CYFARE
Description: Generic Linux malware mass-hunt rule - 2026
Reference: https://cyfare.net/

Rule name: unixredflags3
Author: Tim Brown @timb_machine
Description: Hunts for UNIX red flags

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 7063a1aee07f59809280127167b76d05329bb4e890a2f2962dae0639b6b725cc

(this sample)

Delivery method: Distributed via web download

Comments