MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e58dcb4a3ff61a26b0a52f00e854e4314cf3621363b7ef1fee882fe95103e538. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e58dcb4a3ff61a26b0a52f00e854e4314cf3621363b7ef1fee882fe95103e538
SHA3-384 hash: 8091fbbc5c7d9fe6644c5924985102e13f707870834f9eb7202c41b9f1f484869c398acbeeaec90dc08b0890f65527c6
SHA1 hash: 7cf08633f8ea4acb00102ea3b902e3865f1ed281
MD5 hash: 8313633aa4616b6dc3337ab37be74963
humanhash: burger-georgia-vegan-dakota
File name:haachama.vtuber
Download: download sample
File size:1'637'176 bytes
First seen:2025-08-18 10:58:41 UTC
Last seen:2025-08-18 14:16:53 UTC
File type: elf
MIME type:application/x-executable
ssdeep 24576:L1PuumK1g+3RaaEUTlgh917/yvrTuWH70MlOuXQRLjz6bw/pYiMaR5:L1tmaEElghvLyvPuWQdb6bipYRaR5
TLSH T13F75331418BB2E11CD74797FED4D50A683B90F869824D85B8F4BE29527AC342BF12D3B
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
3
# of downloads :
38
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Other.Malware-gen.62258629.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
packed upx
Link:
https://www.filescan.io/uploads/68a307f6419c816a6e8a5e82/reports/ff17dfc3-24ef-4bac-a977-6b7ec5ed5741/overview
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/ff57160a-758c-48de-88ce-f0e86b76c819
Behavior Graph:
Download SVG
%3 guuid=27ffe600-1900-0000-9920-d41f750b0000 pid=2933 /usr/bin/sudo guuid=9daa1703-1900-0000-9920-d41f770b0000 pid=2935 /tmp/sample.bin guuid=27ffe600-1900-0000-9920-d41f750b0000 pid=2933->guuid=9daa1703-1900-0000-9920-d41f770b0000 pid=2935 execve guuid=443c4d04-1900-0000-9920-d41f7c0b0000 pid=2940 /usr/bin/dash guuid=9daa1703-1900-0000-9920-d41f770b0000 pid=2935->guuid=443c4d04-1900-0000-9920-d41f7c0b0000 pid=2940 clone
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/d907e0e8-4de1-4ee4-96e5-ae1cbf2d2bbe
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
52 / 100
Link:
https://www.joesandbox.com/analysis/1759264
Signature
Multi AV Scanner detection for submitted file
Sample is packed with UPX
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/e58dcb4a3ff61a26b0a52f00e854e4314cf3621363b7ef1fee882fe95103e538
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e58dcb4a3ff61a26b0a52f00e854e4314cf3621363b7ef1fee882fe95103e538/
Verdict:
Malicious
Threat:
HEUR:Exploit.Linux.Netgear
Link:
https://tip.neiki.dev/file/e58dcb4a3ff61a26b0a52f00e854e4314cf3621363b7ef1fee882fe95103e538
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-08-15 00:06:54 UTC
File Type:
ELF64 Big (Exe)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=4wg4wsr76yncnmfff4aoqvhegfgpgyqtmo366h7orax6suid4u4a._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
linux upx
Link:
https://tria.ge/reports/250818-m4jr2afj6y/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/3cbeb9af-84f0-4869-90af-1ce5022bdf3a
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e58dcb4a3ff61a26b0a52f00e854e4314cf3621363b7ef1fee882fe95103e538

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:SUSP_ELF_LNX_UPX_Compressed_File
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects a suspicious ELF binary with UPX compression
Reference:Internal Research
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:upx_packed_elf_v1
Create hunting rule
Author:RandomMalware

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf e58dcb4a3ff61a26b0a52f00e854e4314cf3621363b7ef1fee882fe95103e538

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3605734/
  
Delivery method
Distributed via web download

Comments