MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f604f5c0de4e30d1af2ea3bf5e733ce27896e84fdd85970a6a5053705fd952d6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 4


Intelligence 4 IOCs YARA 11 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f604f5c0de4e30d1af2ea3bf5e733ce27896e84fdd85970a6a5053705fd952d6
SHA3-384 hash: 979bd9590eb21797128497e0414bc04aee76e48c1d70a8a240a72a4d4587e04674f6ce6c6fd80266928f6f5836b57235
SHA1 hash: cdadabc9f76fe0d005299a4e1d125a7de3b768bd
MD5 hash: c3671e2243ee8d8d0245e4b6c0e16ebc
humanhash: queen-jupiter-mirror-bulldog
File name:bot.mips
Download: download sample
File size:3'200'532 bytes
First seen:2026-05-11 21:53:10 UTC
Last seen:Never
File type: elf
MIME type:application/x-sharedlib
ssdeep 24576:z+gY/SNtvj8Ti/zi2693hVw/z/dW/XX7tp956WqIg8L8PntzLQymhrn:z+43L/zit3h271Wfx6qyIrn
TLSH T119E52B03AE74CF9CF445613429B34AA167F611970BEB0747C2B4DA347FA061D492FAEA
telfhash t1d421014528380aea94f19a605c302996c257d56d79218714ff30ded21efe448f622e4f
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
1
# of downloads :
49
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
Sanesecurity.Malware.29052.TSource.UNOFFICIAL
Create hunting rule

Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
base64 expand gcc lolbin masquerade
Link:
https://www.filescan.io/uploads/6a024ff0792fe2d217af8ddb/reports/4be97678-1844-4149-912b-f3929618fdea/overview
Verdict:
Unknown
File Type:
elf.32.be
Link:
https://opentip.kaspersky.com/f604f5c0de4e30d1af2ea3bf5e733ce27896e84fdd85970a6a5053705fd952d6/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/78d7a60c-6c35-4d94-b966-c56060693608
Behavior Graph:
Download SVG
%3 guuid=3440a5a3-1800-0000-b94a-50b6ea060000 pid=1770 /usr/bin/sudo guuid=aef9f9a5-1800-0000-b94a-50b6ee060000 pid=1774 /tmp/sample.bin guuid=3440a5a3-1800-0000-b94a-50b6ea060000 pid=1770->guuid=aef9f9a5-1800-0000-b94a-50b6ee060000 pid=1774 execve
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/3553637b-c1c4-4d8d-a8bc-b128d606fb4b
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/1911969
Behaviour
Behavior Graph:
n/a
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/f604f5c0de4e30d1af2ea3bf5e733ce27896e84fdd85970a6a5053705fd952d6
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f604f5c0de4e30d1af2ea3bf5e733ce27896e84fdd85970a6a5053705fd952d6/
Threat name:
Linux.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2026-05-11 21:55:44 UTC
File Type:
ELF32 Big (SO)
AV detection:
6 of 37 (16.22%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=6ycplqg6jyyndlzouo7v44z44j4jn2cp3wczoctkkbjxax6zklla._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/260511-1rymbaaz9w/
Behaviour
System Network Configuration Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f604f5c0de4e30d1af2ea3bf5e733ce27896e84fdd85970a6a5053705fd952d6

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:CP_Script_Inject_Detector
Create hunting rule
Author:DiegoAnalytics
Description:Detects attempts to inject code into another process across PE, ELF, Mach-O binaries
Rule name:DetectEncryptedVariants
Create hunting rule
Author:Zinyth
Description:Detects 'encrypted' in ASCII, Unicode, base64, or hex-encoded
Rule name:elf_arm_mips_ko_so
Create hunting rule
Rule name:enterpriseapps2
Create hunting rule
Author:Tim Brown @timb_machine
Description:Enterprise apps
Rule name:Maskify_EarnifySDK_ELF
Create hunting rule
Author:Nokia Deepfield ERT
Description:Maskify/Earnify SDK - Rust native proxy+DDoS library (libearnify_sdk.so)
Reference:https://github.com/deepfield/public-research/tree/main/maskify
Rule name:ProgramLanguage_Rust
Create hunting rule
Author:albertzsigovits
Description:Application written in Rust programming language
Rule name:RANSOMWARE
Create hunting rule
Author:ToroGuitar
Rule name:Rustyloader_mem_loose
Create hunting rule
Author:James_inthe_box
Description:Corroded buerloader
Reference:https://app.any.run/tasks/83064edd-c7eb-4558-85e8-621db72b2a24
Rule name:setsockopt
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for setsockopt() red flags
Rule name:SHA512_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA384/SHA512 constants
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf f604f5c0de4e30d1af2ea3bf5e733ce27896e84fdd85970a6a5053705fd952d6

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3844950/
  
Delivery method
Distributed via web download

Comments