MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aed0071773aec987884761e1f0d78657dba1d4e20a6d4f17da90ff26c6ddf075. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 2


Intelligence 2 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: aed0071773aec987884761e1f0d78657dba1d4e20a6d4f17da90ff26c6ddf075
SHA3-384 hash: 04bb1c4dd39ee95f50720d8f9edbd057577fd1275359a72a1f8cd1466158dc79e9acbce1ffa555450478bc639a0c2a50
SHA1 hash: 95bdd8b3e611e3f46f41c28681a086a019f39a32
MD5 hash: b096c0b2c0de562e23b43d0343cfe0d7
humanhash: yellow-river-kitten-august
File name:djvefcm.arm7
Download: download sample
File size:964'029 bytes
First seen:2026-05-22 00:51:52 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 24576:oYFLhpIdyUhrJeS2rYQwiOXkKEQtkPDSfeTdBPlTb1:VxsrJej+OGeTdB9l
TLSH T1E825F1A6BC829996C4C026BBFA6C9188330353BCD3E9710AED15CB3576DF48D4C3A759
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
1
# of downloads :
46
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Gathering data
Result
Verdict:
Clean
Maliciousness:
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
expand lolbin masquerade rust
Link:
https://www.filescan.io/uploads/6a0fa908efbd399b39c4e077/reports/3629d7d5-0a21-439c-8b3c-078eb9ef54ef/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/0bc167ce-c6ba-4a22-ac45-3c066b3e51ba
Behavior Graph:
Download SVG
%3 guuid=0c41f0ef-1900-0000-5ac3-f76c870c0000 pid=3207 /usr/bin/sudo guuid=2a42a5f3-1900-0000-5ac3-f76c8f0c0000 pid=3215 /tmp/sample.bin guuid=0c41f0ef-1900-0000-5ac3-f76c870c0000 pid=3207->guuid=2a42a5f3-1900-0000-5ac3-f76c8f0c0000 pid=3215 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/f00e692a-90c7-48ad-a7a2-b3a85d526da9
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
0 / 100
Link:
https://www.joesandbox.com/analysis/1917452
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/aed0071773aec987884761e1f0d78657dba1d4e20a6d4f17da90ff26c6ddf075
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/aed0071773aec987884761e1f0d78657dba1d4e20a6d4f17da90ff26c6ddf075/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=v3iaof3tv3eypcchmhq7bv4gk7n2dvhcbjwu6f62sd7snrw56b2q._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
credential_access defense_evasion discovery execution persistence privilege_escalation
Link:
https://tria.ge/reports/260522-a8hz3ses6z/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
Changes its process name
Reads process memory
Creates/modifies Cron job
Enumerates running processes
Modifies init.d
Reads MAC address of network interface
Deletes itself
Runs EXE from memory
Traces itself
Unexpected DNS network traffic destination
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/aed0071773aec987884761e1f0d78657dba1d4e20a6d4f17da90ff26c6ddf075

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:ProgramLanguage_Rust
Create hunting rule
Author:albertzsigovits
Description:Application written in Rust programming language
Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf aed0071773aec987884761e1f0d78657dba1d4e20a6d4f17da90ff26c6ddf075

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3851501/
  
Delivery method
Distributed via web download

Comments