MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 77ba2321d72d3be96b2d49651939c8f781cd3d75d97eae94bda7b024b4000486. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 3


Intelligence 3 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 77ba2321d72d3be96b2d49651939c8f781cd3d75d97eae94bda7b024b4000486
SHA3-384 hash: fa3389b1f513047a9a84a11f38a40aade0aa9c8ef3064f9c043265ec3ff7db0a147fbb0574c7c67933634bbf4ebcc2f0
SHA1 hash: 7f63c403c9b36183e654da67daf95a4296ef35d2
MD5 hash: 665d381b2f44a1fcafab27003980ff3d
humanhash: uniform-lake-network-red
File name:l_mips
Download: download sample
File size:682'956 bytes
First seen:2026-04-25 12:39:57 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 12288:gkzt4D63sL86M5N6hjVLYaNa7CgdP2Ds0e/9IzWWhWWWJWWWRE8ptYLMZNI3aPjw:Lx4D63w8/5IhZLYaNMdPos0e/yWWhWWA
TLSH T158E46B627711DFB1D354C67009F3C75146E521A20AE251CAB27CC7287A52A2E7E2FEF8
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
1
# of downloads :
80
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Result
Verdict:
Clean
Maliciousness:

Behaviour
Connection attempt
Runs as daemon
Gathering data
Verdict:
Unknown
File Type:
elf.32.be
Link:
https://opentip.kaspersky.com/77ba2321d72d3be96b2d49651939c8f781cd3d75d97eae94bda7b024b4000486/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/ce5a8b6e-d98c-481e-b42a-0a44f2687ba4
Behavior Graph:
Download SVG
%3 guuid=549aad21-1b00-0000-bde4-58cbf20a0000 pid=2802 /usr/bin/sudo guuid=0c2a2224-1b00-0000-bde4-58cbf40a0000 pid=2804 /tmp/sample.bin guuid=549aad21-1b00-0000-bde4-58cbf20a0000 pid=2802->guuid=0c2a2224-1b00-0000-bde4-58cbf40a0000 pid=2804 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/cfebb481-0476-4bd2-ac32-844a7f4b03be
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
2 / 100
Link:
https://www.joesandbox.com/analysis/1904629
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/77ba2321d72d3be96b2d49651939c8f781cd3d75d97eae94bda7b024b4000486
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/77ba2321d72d3be96b2d49651939c8f781cd3d75d97eae94bda7b024b4000486/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=o65cgioxfu56s2znjfsrsooi66a42plv3f7k5ff5u6ycjnaaasda._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/260425-pwk18scv2l/
Behaviour
System Network Configuration Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/77ba2321d72d3be96b2d49651939c8f781cd3d75d97eae94bda7b024b4000486

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:F01_s1ckrule
Create hunting rule
Author:s1ckb017
Rule name:ldpreload
Create hunting rule
Author:xorseed
Reference:https://stuff.rop.io/
Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:malwareelf55503
Create hunting rule
Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 77ba2321d72d3be96b2d49651939c8f781cd3d75d97eae94bda7b024b4000486

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3825161/
  
Delivery method
Distributed via web download

Comments