MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e70e052c9cb4db4760f3666de065e1c5e63cdd659566651c36eb3abc340f4151. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 1 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e70e052c9cb4db4760f3666de065e1c5e63cdd659566651c36eb3abc340f4151
SHA3-384 hash: 908ebb596cb5c11a3dcc630e49c3128351cce2049156900192b6e4ddabd9023cbd44fc33e7057ce6f9a8b85e866851d9
SHA1 hash: 86195f9cbd08aca3890f459a2abbb44e02d09bdc
MD5 hash: bf9695d24a197d32d376722f635a0bbd
humanhash: lactose-echo-uranus-kentucky
File name:dlr.arm5
Download: download sample
File size:1'168 bytes
First seen:2025-07-20 03:33:51 UTC
Last seen:2025-07-20 05:26:47 UTC
File type: elf
MIME type:application/x-executable
ssdeep 24:JKD4llMRgP9qD0at6EooGhnrUlFSy4VzLCkIdsx2wRGIUC1uNfW:JKMTFqDPtGrkFSy4VzLyIUCQNu
TLSH T11F21CE96A7E35D17CD840237DCEF5B14E322BE84859EF903E31252151C3F20A1F22149
telfhash t19f900224424f44549a804241e0dd66018ed0e3131125289007d0444014033206005141
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
3
# of downloads :
14
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.DownLoader.523.25936.8217.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/687c63c619132d98488352d1/reports/eff878c3-6846-4882-878f-330dce5a47eb/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/e70e052c9cb4db4760f3666de065e1c5e63cdd659566651c36eb3abc340f4151
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/58bd8b4d-321f-420b-84bc-9518bdcb2b74
Behavior Graph:
Download SVG
%3 guuid=c07354f4-1900-0000-d4c5-c85b40080000 pid=2112 /usr/bin/sudo guuid=f66418f6-1900-0000-d4c5-c85b45080000 pid=2117 /tmp/sample.bin guuid=c07354f4-1900-0000-d4c5-c85b40080000 pid=2112->guuid=f66418f6-1900-0000-d4c5-c85b45080000 pid=2117 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/88f7530d-234a-4f25-b982-55426656eb60
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1740296
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/e70e052c9cb4db4760f3666de065e1c5e63cdd659566651c36eb3abc340f4151
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e70e052c9cb4db4760f3666de065e1c5e63cdd659566651c36eb3abc340f4151/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-07-20 03:22:17 UTC
File Type:
ELF32 Little (Exe)
AV detection:
14 of 24 (58.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=44hakle4wtnuoyhtmzw6azpbyxtdzxlfsvtgkhbw5m5lynapifiq._file
Result
Malware family:
n/a
Score:
  5/10
Tags:
upx
Link:
https://tria.ge/reports/250720-d4zzksgl2y/
Behaviour
UPX packed file
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/7c30f5a1-54e1-41d6-b48a-495c4f717e70
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e70e052c9cb4db4760f3666de065e1c5e63cdd659566651c36eb3abc340f4151

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:Linux_Generic_Threat_81aa5579
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf e70e052c9cb4db4760f3666de065e1c5e63cdd659566651c36eb3abc340f4151

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3586061/
  
Delivery method
Distributed via web download

Comments