MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 845ade32207c427b414b345b06d31944cd02457b632c78c43e31a031f30cc20a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 845ade32207c427b414b345b06d31944cd02457b632c78c43e31a031f30cc20a
SHA3-384 hash: 04f312d82e24f89a32822217dc1f7f9ddc01c6abf116d693e665e643afc12bd97673cb4e294f6ed68beb3912fe9bfabd
SHA1 hash: fae5d08121e60fe0359e84596775bf62d02f2533
MD5 hash: 3e97ad183c44be321d84407fa4b8f62c
humanhash: grey-victor-alanine-oven
File name:kswapd0
Download: download sample
File size:1'689'072 bytes
First seen:2026-06-21 06:05:39 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 49152:RW1Gm3TUw3AqOOtXAg7T9W6STda6dhfebg/WPr8Qm2:Rn/ZQN7TY6EdZdVFSrNm2
TLSH T119753339F11E57D2ED46B3FC929DA3983FFA8C0661EBD187851596304602233B387A93
Magika unknown
Reporter BlinkzSec
Tags:UPX
File size (compressed) :1'689'072 bytes
File size (de-compressed) :6'946'995 bytes
Format:linux/mips
Unpacked file: 0b404fdf117cd7f7c3e7d6b84a8cb94d84c2443a5ee3894cfe620a6885ab273a

Intelligence

File Origin
# of uploads :
1
# of downloads :
49
Origin country :
FR FR
Vendor Threat Intelligence
No detections
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Changes the time when the file was created, accessed, or modified
Changes access rights for a written file
Runs as daemon
Sends data to a server
Creating a file in the %temp% subdirectories
Receives data from a server
Connection attempt
Launching a process
Creating a process from a recently created file
Creates or modifies files in /cron to set up autorun
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/cbc6781a-a889-43f9-bc79-8b288b136b75
Behavior Graph:
Download SVG
%3 guuid=a3597842-1f00-0000-0f0b-f00947140000 pid=5191 /usr/bin/sudo guuid=37df7a45-1f00-0000-0f0b-f00948140000 pid=5192 /tmp/sample.bin guuid=a3597842-1f00-0000-0f0b-f00947140000 pid=5191->guuid=37df7a45-1f00-0000-0f0b-f00948140000 pid=5192 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/ddab8653-88a4-4df9-904b-c919bec13517
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/845ade32207c427b414b345b06d31944cd02457b632c78c43e31a031f30cc20a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/845ade32207c427b414b345b06d31944cd02457b632c78c43e31a031f30cc20a/
Verdict:
Malicious
Threat:
Trojan.Linux.Agent
Link:
https://tip.neiki.dev/file/845ade32207c427b414b345b06d31944cd02457b632c78c43e31a031f30cc20a
Threat name:
Linux.PUA.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-06-21 05:56:45 UTC
File Type:
ELF32 Big (Exe)
AV detection:
4 of 36 (11.11%)
Threat level:
  1/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qrnn4mraprbhwqklgrnqnuyzitgqerl3mmwhrrb6ggqdd4ymyifa._file
Result
Malware family:
n/a
Score:
  6/10
Tags:
discovery execution persistence privilege_escalation upx
Link:
https://tria.ge/reports/260621-gt82aabw5k/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Creates/modifies Cron job
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/845ade32207c427b414b345b06d31944cd02457b632c78c43e31a031f30cc20a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 845ade32207c427b414b345b06d31944cd02457b632c78c43e31a031f30cc20a

(this sample)

elf 0b404fdf117cd7f7c3e7d6b84a8cb94d84c2443a5ee3894cfe620a6885ab273a

  
Dropping
SHA256 0b404fdf117cd7f7c3e7d6b84a8cb94d84c2443a5ee3894cfe620a6885ab273a
  
Dropping
MD5 fcd0805772e1e5882c3b50b6c41b7f74
  
URLhaus
https://urlhaus.abuse.ch/url/3868643/
  
Delivery method
Distributed via web download

Comments