MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7cc605b5fffa1478a286c2479f7c6f947fbf1ddf44bbf72f3028b4d62bb08dcb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 6



SHA256 hash: 7cc605b5fffa1478a286c2479f7c6f947fbf1ddf44bbf72f3028b4d62bb08dcb
SHA3-384 hash: bd9ba966e7e580872ea4da6ea34c7cb0bd7d3cb3c06f1549210a9485825cad37dde2db1edf956ca60e967850fd7da143
SHA1 hash: 3600f4818a91f82a78ecd12122a266ef73039a0e
MD5 hash: 6132000f7c4750ffff67cb08be88a119
humanhash: india-river-charlie-oregon
File name: ksoftirqd0
File size: 1'857'364 bytes
First seen: 2026-06-20 20:16:24 UTC
Last seen: 2026-06-21 00:22:03 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 49152:zaQ4vaApkIKQkOLAba4KvkLp1IzDMnBTOyvcyDBEezZH//Uy:zwFKQkHbJKFagAJBvzZH//N
TLSH: T12885330681A43749C6F36C5BA51B4AB6ABDF42037C48305F67D98D5BF8F708AE1904BB
telfhash: t199b001264083b5e5128cae9b4986ae6942626e396192345c380ad39691572ab29111d2
Magika: elf
Reporter: BlinkzSec

Intelligence


File Origin
# of uploads: 3
# of downloads: 54
Origin country: SE
Vendor Threat Intelligence
No detections
Result
Verdict: Malware
Maliciousness:

Behaviour
Runs as daemon
Sends data to a server
Creating a file in the %temp% subdirectories
Receives data from a server
Connection attempt
Launching a process
Creating a process from a recently created file
Creating a file
Changes the time when the file was created, accessed, or modified
Changes access rights for a written file
Creates or modifies files in /cron to set up autorun
Status: terminated
Behavior Graph:
Result
Malware family: n/a
Score: 6/10
Tags: discovery, execution, linux, persistence, privilege_escalation
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Creates/modifies Cron job
Enumerates running processes
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name: TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Author: CYFARE
Description: Generic Linux malware mass-hunt rule - 2026
Reference: https://cyfare.net/

Rule name: upx_antiunpack_elf32
Author: JPCERT/CC Incident Response Group
Description: UPX Anti-Unpacking technique to magic renamed for ELF32

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 7cc605b5fffa1478a286c2479f7c6f947fbf1ddf44bbf72f3028b4d62bb08dcb (this sample)

Delivery method: Distributed via web download
