MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a6212c039c3ad17c76441ec03e5ee863c00ae92b36712c52876133976c333d18. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: a6212c039c3ad17c76441ec03e5ee863c00ae92b36712c52876133976c333d18
SHA3-384 hash: 2f857027709aeba5295e76c9899cc509a7b8446904e983dd5089ce6c0896521ebd397a1c8b857875a3df4d81a9f1b322
SHA1 hash: 44a4f3089e5fbccc77f6b12fe6fc4ccc5d922b7c
MD5 hash: 33b7c16babeabfb796e44f3b140c08ec
humanhash: oklahoma-april-delaware-east
File name:kinsing_aarch64
Download: download sample
File size:764'082 bytes
First seen:2026-01-22 21:44:39 UTC
Last seen:2026-01-23 15:56:09 UTC
File type: elf
MIME type:application/x-executable
ssdeep 12288:Sld0eWZ3vWpZPXBQSHka4yegeNMok2/saPS/9HIBirkh7pNCDhGtrGGNy8uCg9Uz:Sld0B3vWrPXBQSH14vgeNMok2/saPS/y
TLSH T14BF4E7117D7EB453EACDF6347722A2D9301F7684D5E59036DEA0CAA986F4B64CE23032
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
2
# of downloads :
73
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/69729a8b55805a763ff11e3e/reports/e35f49cf-4530-4f57-9c18-738eca24e345/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/a6212c039c3ad17c76441ec03e5ee863c00ae92b36712c52876133976c333d18
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Unknown
File Type:
elf.64.le
First seen:
2026-01-22T20:00:00Z UTC
Last seen:
2026-01-22T23:13:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/a6212c039c3ad17c76441ec03e5ee863c00ae92b36712c52876133976c333d18/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/fbc908bf-58c4-490f-bbbf-7033397a088f
Behavior Graph:
Download SVG
%3 guuid=7c6118c8-1600-0000-0eb1-2afe660c0000 pid=3174 /usr/bin/sudo guuid=b2f7bfc9-1600-0000-0eb1-2afe6a0c0000 pid=3178 /tmp/sample.bin guuid=7c6118c8-1600-0000-0eb1-2afe660c0000 pid=3174->guuid=b2f7bfc9-1600-0000-0eb1-2afe6a0c0000 pid=3178 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/a25da8b0-738d-4b09-833e-40b979ce68f1
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1856089
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1856089 Sample: kinsing_aarch64.elf Startdate: 22/01/2026 Architecture: LINUX Score: 48 14 169.254.169.254, 80 USDOSUS Reserved 2->14 16 109.202.202.202, 80 INIT7CH Switzerland 2->16 18 3 other IPs or domains 2->18 20 Multi AV Scanner detection for submitted file 2->20 6 python3.8 dpkg 2->6         started        8 dash rm 2->8         started        10 dash rm 2->10         started        12 kinsing_aarch64.elf 2->12         started        signatures3 process4
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/a6212c039c3ad17c76441ec03e5ee863c00ae92b36712c52876133976c333d18
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/a6212c039c3ad17c76441ec03e5ee863c00ae92b36712c52876133976c333d18/
Threat name:
Linux.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-01-22 21:46:11 UTC
File Type:
ELF64 Little (Exe)
AV detection:
5 of 36 (13.89%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=uyqsya44hlixy5sed3ad4xximpaav2jlgzysyuuhmezzo3bthuma._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260122-1mfwpsfz9e/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/a6212c039c3ad17c76441ec03e5ee863c00ae92b36712c52876133976c333d18

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf a6212c039c3ad17c76441ec03e5ee863c00ae92b36712c52876133976c333d18

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3749961/
  
Delivery method
Distributed via web download

Comments