MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bd79a967f2b525faf54ffeea94bf7abb9926209dc105dd1179231a02cee83f08. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 7 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bd79a967f2b525faf54ffeea94bf7abb9926209dc105dd1179231a02cee83f08
SHA3-384 hash: e08dd321a15da39ca99580861dce117af48bafde8fc7c0a6826231a5d9fae7ab3c83a71964da7c1759d77abd06f34e08
SHA1 hash: 66dc88f4975170572131602ef9b10fd23873573c
MD5 hash: 2a519bc4a6fbcb4411494ae365837a31
humanhash: montana-fillet-artist-georgia
File name:vmtoolsd
Download: download sample
File size:2'637'660 bytes
First seen:2025-12-09 16:20:10 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 49152:PsnI6PjgskXV9MmrYyu13umqFpwZROAFoW96g1Bnb1da8v5Xn97nmP:PsncNXIRyEUIblFfsg1J7a8R9CP
TLSH T11DC53373B39D28715BAB61AAFE4023B48D51A45FF9F504B8420B73BB0D729B8DB94311
Magika elf
Reporter 1ZRR4H
Tags:180.210.220.54 elf

Intelligence

File Origin
# of uploads :
1
# of downloads :
36
Origin country :
CL CL
Vendor Threat Intelligence
No detections
Result
Verdict:
Malware
Maliciousness:

Behaviour
Connection attempt
Sends data to a server
Receives data from a server
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
vshell
Link:
https://www.filescan.io/uploads/69384c481eac7b9b76a1f216/reports/c5efceba-9eb3-4ffb-9bb0-803c3277e277/overview
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2025-12-09T04:50:00Z UTC
Last seen:
2025-12-09T13:42:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/bd79a967f2b525faf54ffeea94bf7abb9926209dc105dd1179231a02cee83f08/results?tab=lookup
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/49d809ed-50ad-406c-b0fc-d0f4a925b948
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/bd79a967f2b525faf54ffeea94bf7abb9926209dc105dd1179231a02cee83f08
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bd79a967f2b525faf54ffeea94bf7abb9926209dc105dd1179231a02cee83f08/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-12-05 19:19:59 UTC
File Type:
ELF32 Little (Exe)
AV detection:
12 of 24 (50.00%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=xv42sz7swus7v5kp73vjjp32xomsmie5yec52elzemnaftxih4ea._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery linux
Link:
https://tria.ge/reports/251209-ttbr1aynh1/
Behaviour
Enumerates kernel/hardware configuration
Reads runtime system information
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/ec8b2efe-42c3-4191-aa61-fff8fb29cf94
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.73
Link:
https://yomi.yoroi.company/submissions/bd79a967f2b525faf54ffeea94bf7abb9926209dc105dd1179231a02cee83f08

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:GoBinTest
Create hunting rule
Rule name:golang_binary_string
Create hunting rule
Description:Golang strings present
Rule name:ProgramLanguage_Golang
Create hunting rule
Author:albertzsigovits
Description:Application written in Golang programming language
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:UPXProtectorv10x2
Create hunting rule
Author:malware-lu
Rule name:upx_antiunpack_elf32
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:UPX Anti-Unpacking technique to magic renamed for ELF32

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments