MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7d25a8839e786d263dacb136a7e44dbb6b797762389cb944ba4f14f8cfe108bd. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 10

Intelligence 10 IOCs YARA 3 File information Comments

SHA256 hash:	7d25a8839e786d263dacb136a7e44dbb6b797762389cb944ba4f14f8cfe108bd
SHA3-384 hash:	4457be7d30b81d46132d3de965695a863df5c12f6c1f7cb7bc2dd2f7545586c80a205260f61336d94fd75ed3d8d8327e
SHA1 hash:	3ae7fcae5c6db4dd99830234fd141038c8480818
MD5 hash:	e3098a2391e0dc5579a12b1738ffc29c
humanhash:	thirteen-oklahoma-hot-mango
File name:	aarch64
Download:	download sample
File size:	509'896 bytes
First seen:	2025-06-28 04:14:42 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	6144:O/izeB+/ow3gK2lc5bvyI0vOHD6BZkDgn358cIF3RI5HkdY1FP98/8ecjfP:3BohHKTyfvOHD6ByD4WcIMkuDmEesP
TLSH	T15BB41228EE4E38C1F3D1E3B8DA0A4BB1B05B79D0D166C1B2BA41E25D95EDDDEC5D0212
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.32057.LX.BOT.UNOFFICIAL

Sanesecurity.Malware.32058.LX.BOT.UNOFFICIAL

SecuriteInfo.com.Linux.Siggen.9163.31786.24600.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=685f6c720fceda814b4693d4linux22vpnfull_triage

Tags:

n/a

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creates directories

Verdict:

Unknown

Threat level:

2.5/10

Confidence:

100%

Tags:

base64 exploit gcc lolbin remote

Link:

https://www.filescan.io/uploads/685f6c6ed6ff4da7350ca58f/reports/0e3cc4a3-fe6d-40fc-b5d5-8f1de3cbc61b/overview

Verdict:

Malicious

Uses P2P?:

true

Uses anti-vm?:

false

Architecture:

arm

Packer:

custom

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

54506

Full report:

https://elfdigest.com/brief/7d25a8839e786d263dacb136a7e44dbb6b797762389cb944ba4f14f8cfe108bd

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

type: 162.159.200.1:123
type: 130.239.18.158:6881
type: 67.215.246.10:6881
type: 176.125.139.123:6881
type: 89.207.71.47:6881
type: 188.42.55.92:6881
type: 178.69.209.93:6881
type: 159.69.106.195:6881
type: 5.187.65.136:6881
type: 218.220.225.56:6881
type: 183.102.105.212:6881
type: 78.186.49.79:6881
type: 118.221.189.165:6881
type: 176.197.51.122:6881
type: 167.224.187.61:6881
type: 162.55.230.112:6881
type: 193.233.178.62:6881
type: 152.165.56.116:6881
type: 91.107.133.147:6881
type: 24.137.73.43:6881
type: 126.143.146.49:6881
type: 75.119.138.164:6881
type: 204.12.208.37:6881
type: 23.95.192.22:6881
type: 167.99.72.189:6881
type: 54.70.174.84:6881
type: 141.98.154.145:6881
type: 191.195.108.36:6881
type: 78.137.227.56:6881
type: 192.99.3.72:6881
type: 18.188.31.0:6881
type: 54.214.105.212:6881
type: 88.12.202.17:6881
type: 178.162.174.178:28003
type: 178.162.174.236:28003
type: 178.162.173.231:28001
type: 178.162.173.96:28001
type: 5.79.73.138:28001
type: 173.230.130.111:6880
type: 45.203.154.94:6880
type: 34.235.218.124:6880
type: 130.239.18.158:8539
type: 95.168.162.161:42670
type: 195.154.185.217:24155
type: 195.20.18.136:11072
type: 45.87.251.132:28215
type: 195.154.185.217:25051
type: 5.79.80.223:28014
type: 46.232.210.43:59944
type: 178.162.174.236:28005
type: 37.27.120.51:50000
type: 135.181.238.57:50000
type: 37.27.117.183:50000
type: 37.27.117.58:50000
type: 65.108.43.34:50000
type: 37.27.103.247:50000
type: 37.27.117.246:50000
type: 178.162.173.154:28010
type: 185.177.124.176:6890
type: 178.162.174.55:28011
type: 130.239.18.158:8515
type: 178.162.173.32:28012
type: 87.207.94.229:6882
type: 54.194.124.68:6882
type: 198.13.63.132:6882
type: 94.23.215.83:6882
type: 51.75.78.69:6882
type: 188.165.201.120:6882
type: 51.38.57.57:51414
type: 185.250.204.85:33291
type: 46.232.211.15:12009
type: 146.70.237.157:34273
type: 89.67.73.128:8083
type: 185.157.247.97:8083
type: 178.162.174.147:28013
type: 39.109.151.196:17178
type: 178.162.174.171:28009
type: 178.162.174.23:28009
type: 79.127.254.91:55420
type: 95.216.102.35:62133
type: 172.218.37.202:50464
type: 212.8.251.38:14754
type: 75.172.21.76:33902
type: 175.131.74.128:7162
type: 178.162.173.134:28008
type: 121.171.157.169:32991
type: 20.214.249.216:4432
type: 190.109.33.235:9013
type: 74.15.53.18:63761
type: 173.172.212.119:31897
type: 46.232.210.238:64050
type: 159.28.169.52:51413
type: 104.175.10.75:51413
type: 180.213.10.165:51413
type: 91.108.27.67:51413
type: 82.66.148.204:51413
type: 213.240.239.48:51413
type: 140.106.14.32:51413
type: 85.175.226.179:51413
type: 192.141.245.57:60982
type: 78.30.53.19:50005
type: 115.21.179.47:40883
type: 92.91.227.139:6889
type: 77.57.217.18:6889
type: 83.87.56.210:6889
type: 217.62.167.24:6889
type: 37.117.154.150:6889
type: 24.157.88.234:41863
type: 185.107.44.27:49001
type: 49.192.68.121:49001
type: 109.237.0.51:49001
type: 185.21.217.13:63560
type: 38.75.233.140:25810
type: 38.43.107.111:7764
type: 62.198.67.58:63602
type: 112.173.167.215:40949
type: 45.9.221.16:35080
type: 51.159.104.63:8892
type: 95.211.233.229:55501
type: 185.21.216.168:62497
type: 60.152.201.234:7244
type: 99.71.99.197:52738
type: 46.232.211.247:64138
type: 45.87.251.132:28127
type: 178.162.144.2:20237
type: 121.146.209.245:41102
type: 72.21.17.33:19262
type: 59.126.194.113:60287
type: 213.230.72.37:65238
type: 84.216.43.93:37342
type: 51.190.20.14:28694
type: 188.115.160.123:39880
type: 121.151.72.228:32823
type: 187.19.184.148:21548
type: 46.232.211.203:64035
type: 212.48.240.64:33678
type: 91.168.182.146:47686
type: 89.64.84.211:6652
type: 175.134.177.68:58371
type: 185.203.56.37:49536
type: 178.162.216.19:25496
type: 121.139.234.116:8277
type: 36.14.70.120:39706
type: 111.67.209.193:7876
type: 112.164.163.157:41035
type: 185.112.157.149:45811
type: 178.162.173.4:28006
type: 185.149.91.65:51026
type: 177.149.158.80:62400
type: 5.135.178.12:50906
type: 79.147.83.34:43915
type: 149.40.59.133:64136
type: 149.40.59.133:64057
type: 149.40.59.133:64049
type: 46.232.211.167:13109
type: 109.160.98.94:20590
type: 87.220.94.66:60910
type: 211.218.38.3:7934
type: 121.164.84.149:40959
type: 5.79.98.190:49374
type: 193.123.249.239:16384
type: 152.53.52.107:10240
type: 152.53.105.61:10240
type: 194.29.101.83:10240
type: 195.170.172.38:10240
type: 152.53.104.128:10240
type: 146.59.3.81:10240
type: 189.230.218.31:49080
type: 208.87.240.21:11158
type: 213.159.77.154:11158
type: 54.39.52.64:29129
type: 206.123.150.176:6666
type: 178.162.174.78:28007
type: 59.125.214.5:54241
type: 218.158.204.127:7521
type: 210.126.87.151:33273
type: 65.108.143.34:48797
type: 195.154.185.217:24825
type: 45.87.251.178:35104
type: 137.74.200.136:60825
type: 153.178.174.61:63210
type: 54.209.131.199:6892
type: 5.135.138.216:28533
type: 183.100.145.13:33262
type: 82.215.100.147:26822
type: 176.176.101.1:40904
type: 179.57.191.125:29848
type: 189.156.240.101:4309

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/8af61784-8d9b-4186-ad0e-0eef073d556c

Behavior Graph:

Download SVG

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/d4477606-ad78-4096-ade6-25160a351789

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/7d25a8839e786d263dacb136a7e44dbb6b797762389cb944ba4f14f8cfe108bd

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7d25a8839e786d263dacb136a7e44dbb6b797762389cb944ba4f14f8cfe108bd/

Verdict:

Malicious

Link:

https://tip.neiki.dev/file/7d25a8839e786d263dacb136a7e44dbb6b797762389cb944ba4f14f8cfe108bd

Threat name:

Linux.Trojan.SAgnt

Status:

Malicious

First seen:

2025-06-28 04:15:31 UTC

File Type:

ELF64 Little (Exe)

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=pus2ra46pbwsmpnmwe3kpzcnxnvxs53chcolsrf2j4kprt7bbc6q._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/250628-evkzqswky2/

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/2566d3f2-ee92-40e9-b4f9-2978133905b8

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/7d25a8839e786d263dacb136a7e44dbb6b797762389cb944ba4f14f8cfe108bd

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 7d25a8839e786d263dacb136a7e44dbb6b797762389cb944ba4f14f8cfe108bd

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3558161/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample