MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ed067b60e16d6356ab24a01472867615fd2be4da4574cdf266e92dd976c497fb. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: ed067b60e16d6356ab24a01472867615fd2be4da4574cdf266e92dd976c497fb
SHA3-384 hash: 465030e040122a7fa7376a1cd767a093fc05935091515d92a3363210f43a5c14dbda4ee0a349fcb65c190bd8a9b08efe
SHA1 hash: 5995d7dfaf54fd64a1de4c0e45e7907535632ac5
MD5 hash: 1c928629cf24e6fcaa388f3f1e87e494
humanhash: floor-paris-undress-orange
File name:dlr.arm
Download: download sample
File size:1'140 bytes
First seen:2025-08-07 12:28:40 UTC
Last seen:2025-08-07 23:00:08 UTC
File type: elf
MIME type:application/x-executable
ssdeep 24:Jx/0WqY3D5KjEoKGxrrUlFSs0VzLCkIdZIZOIQlVNfi:JxxN3DMFrkFSsCzLcIIN6
TLSH T18721EA57ABE79D27CC540233DCEB6310E329BE89858EF023E75212121C6F21A1F21189
telfhash t180900224864f44909a901785d08976018ec0d3231115289006d0984014437106015141
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
4
# of downloads :
23
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.DownLoader.523.16849.10669.UNOFFICIAL
Create hunting rule

Result
Verdict:
Malware
Maliciousness:
Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Link:
https://www.filescan.io/uploads/68949cbf397fd3ce6fa0c1b2/reports/6b663b2f-3958-46f1-886b-7459aa2daac8/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/ed067b60e16d6356ab24a01472867615fd2be4da4574cdf266e92dd976c497fb
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/7a57c9c9-0215-43d0-8c8f-d2b7ae9458fa
Behavior Graph:
Download SVG
%3 guuid=460a26b2-1a00-0000-3560-3e6f860c0000 pid=3206 /usr/bin/sudo guuid=5a736cb5-1a00-0000-3560-3e6f880c0000 pid=3208 /tmp/sample.bin guuid=460a26b2-1a00-0000-3560-3e6f860c0000 pid=3206->guuid=5a736cb5-1a00-0000-3560-3e6f880c0000 pid=3208 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/0fbc0850-190c-4a42-8b91-f75bebcdbac7
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1752293
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1752293 Sample: dlr.arm.elf Startdate: 07/08/2025 Architecture: LINUX Score: 48 14 169.254.169.254, 80 USDOSUS Reserved 2->14 16 109.202.202.202, 80 INIT7CH Switzerland 2->16 18 3 other IPs or domains 2->18 20 Multi AV Scanner detection for submitted file 2->20 6 python3.8 dpkg 2->6         started        8 dash rm 2->8         started        10 dash rm 2->10         started        12 dlr.arm.elf 2->12         started        signatures3 process4
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/ed067b60e16d6356ab24a01472867615fd2be4da4574cdf266e92dd976c497fb
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/ed067b60e16d6356ab24a01472867615fd2be4da4574cdf266e92dd976c497fb/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-08-07 12:24:44 UTC
File Type:
ELF32 Little (Exe)
AV detection:
22 of 36 (61.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=5udhwyhbnvrvnkzeuakhfbtwcx6sxzg2iv2m34tg5ew5s5wes75q._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/250807-pqc4fahk61/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/c5f0a1f2-0bdc-45f0-bddc-461cbfa5a839
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/ed067b60e16d6356ab24a01472867615fd2be4da4574cdf266e92dd976c497fb

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf ed067b60e16d6356ab24a01472867615fd2be4da4574cdf266e92dd976c497fb

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3598398/
  
Delivery method
Distributed via web download

Comments