MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8fa020bba87f1cfb0dc404178d8642a39dfbdf69fd176ce94c0f180abf772934. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8fa020bba87f1cfb0dc404178d8642a39dfbdf69fd176ce94c0f180abf772934
SHA3-384 hash: 05b393f58fc4c6a4d5d7b459a4b94f7814d8f1e6760abff307517757543a0d4c08c95a3ec3c8d0c25e3d64f55a8abe3b
SHA1 hash: 377d1ccca0c1aacd8ad5cb656a4bf022f12a40f2
MD5 hash: 8decbe8bade48de2efc5417a6818f830
humanhash: mars-december-salami-mars
File name:boatnet.arm6
Download: download sample
File size:12'576 bytes
First seen:2026-05-01 18:51:47 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 192:5cPncyjZDnkQ+WldczgNPtC4hjvgBVpjiM9GP5BzTLZhwXsgmEZx4eOP:5AncyakjvEpjiMabw8gXx4e2
TLSH T15A42F8557EC28B22D4C04278EE0F62893B235B1CF2DB771337152B58B7479B50B6B81A
telfhash t1e1e0d846ce8950dcb5e0561ad0ee77634f58fc6b74810c76b6e48ad80aa3f0be51191a
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf upx-dec


Avatar
abuse_ch
UPX decompressed file, sourced from SHA256 be02c7dd1534cacffbdd8b693613182419a26ccd2b246f3cd164356af44d3425
File size (compressed) :8'764 bytes
File size (de-compressed) :12'576 bytes
Format:linux/arm
Packed file: be02c7dd1534cacffbdd8b693613182419a26ccd2b246f3cd164356af44d3425

Intelligence

File Origin
# of uploads :
1
# of downloads :
41
Origin country :
NL NL
Vendor Threat Intelligence
Gathering data
Result
Verdict:
Clean
Maliciousness:
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
gafgyt masquerade rust
Link:
https://www.filescan.io/uploads/69f4f66e2fcb905ec279190a/reports/eb003fb6-3214-4427-981f-66f2d9786e3c/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/8fa020bba87f1cfb0dc404178d8642a39dfbdf69fd176ce94c0f180abf772934
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Gathering data
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/7ed8d8a7-f078-4519-8fb6-01577fb865f1
Behavior Graph:
Download SVG
%3
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/06b653fe-4a5c-4b22-bd22-041145f64d37
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/1907455
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/8fa020bba87f1cfb0dc404178d8642a39dfbdf69fd176ce94c0f180abf772934
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8fa020bba87f1cfb0dc404178d8642a39dfbdf69fd176ce94c0f180abf772934/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r6qcbo5ip4opwdoeaqly3bscuoo7xx3j7ulwz2kmb4mavp3xfe2a._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/260501-xja99sbv3y/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/8fa020bba87f1cfb0dc404178d8642a39dfbdf69fd176ce94c0f180abf772934

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf be02c7dd1534cacffbdd8b693613182419a26ccd2b246f3cd164356af44d3425

elf 8fa020bba87f1cfb0dc404178d8642a39dfbdf69fd176ce94c0f180abf772934

(this sample)

  
Dropped by
SHA256 be02c7dd1534cacffbdd8b693613182419a26ccd2b246f3cd164356af44d3425
  
URLhaus
https://urlhaus.abuse.ch/url/3825883/
  
Delivery method
Distributed via web download
  
Dropped by
MD5 414a53f9fa6ce5f894e2d705f591fd42

Comments