MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ca921bbc5a33fa64d3a5bea672110c98f863bdc76cad7a58f1a832a8fc3fffd3. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ca921bbc5a33fa64d3a5bea672110c98f863bdc76cad7a58f1a832a8fc3fffd3
SHA3-384 hash: bbe136d73079a166205f70032bd8acf682bb6d55494699b9428d22abf9c5a7a60a0d2c3324948a966fb6dfa7bc06e437
SHA1 hash: cc64831cccc30727378b2f51f9df8f0bff47c0ae
MD5 hash: 2fadb45adcdf1eda542ac1cc538fe6a9
humanhash: arizona-network-alanine-connecticut
File name:zero.mipsel
Download: download sample
File size:45'868 bytes
First seen:2026-06-15 14:53:10 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 768:Ro7dKYM4YoWIN3x9YPxRWXBZ5abH3IskUoWqUtmL9Q5uougZLWWBQ8l:mdKr2W64+n5QH33kUo96mJO/Q8l
TLSH T1F723F17B9A94325FDA3C3EBE42A71B333E5018D863D99B498B505881F77089B79C2819
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf UPX
File size (compressed) :45'868 bytes
File size (de-compressed) :144'176 bytes
Format:linux/mipsel
Unpacked file: 5c2a5902a9dd0e9dad5fa98343224604ef2654a85208ada366144e166d5fb739

Intelligence

File Origin
# of uploads :
1
# of downloads :
75
Origin country :
DE DE
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/96072e6e-d77f-46d0-873f-2d1686ff3a3a/
Result
Verdict:
Malware
Maliciousness:

Behaviour
Opens a port
Connection attempt
Runs as daemon
Substitutes an application name
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed upx
Link:
https://www.filescan.io/uploads/6a3011ecbf16337e43c7646d/reports/3e79ab50-7641-409b-a9ba-c8571c4da2d4/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/6656f8a2-f193-4fd8-a93a-8a6a52417457
Behavior Graph:
Download SVG
%3 guuid=6d1642dd-1800-0000-5260-6cc9700d0000 pid=3440 /usr/bin/sudo guuid=043c19df-1800-0000-5260-6cc9760d0000 pid=3446 /tmp/sample.bin guuid=6d1642dd-1800-0000-5260-6cc9700d0000 pid=3440->guuid=043c19df-1800-0000-5260-6cc9760d0000 pid=3446 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/944b685c-ca45-49fb-9b88-44820c8ae1de
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
68 / 100
Link:
https://www.joesandbox.com/analysis/1928107
Signature
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Suricata IDS alerts for network traffic
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/ca921bbc5a33fa64d3a5bea672110c98f863bdc76cad7a58f1a832a8fc3fffd3
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ca921bbc5a33fa64d3a5bea672110c98f863bdc76cad7a58f1a832a8fc3fffd3/
Gathering data
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=zkjbxpc2gp5gju5fx2theeimtd4ghpohnswxuwhrvazkr7b777jq._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
discovery upx
Link:
https://tria.ge/reports/260615-r9kzhab18w/
Behaviour
Reads runtime system information
System Network Configuration Discovery
Changes its process name
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf ca921bbc5a33fa64d3a5bea672110c98f863bdc76cad7a58f1a832a8fc3fffd3

(this sample)

elf 5c2a5902a9dd0e9dad5fa98343224604ef2654a85208ada366144e166d5fb739

  
URLhaus
https://urlhaus.abuse.ch/url/3857192/
  
Delivery method
Distributed via web download
  
Dropping
SHA256 5c2a5902a9dd0e9dad5fa98343224604ef2654a85208ada366144e166d5fb739
  
Dropping
MD5 297192945976f1aa2e0f516b52edad3c

Comments