MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f81bba00dd8c8e14833309be50a422240168801eb61e3da87636a659883fe15e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 6


Intelligence 6 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: f81bba00dd8c8e14833309be50a422240168801eb61e3da87636a659883fe15e
SHA3-384 hash: e8fdcf53c213ff9905b2d6c99566be637ff5b84255f9e259629d0fb36d10c1e9624417a41d879f3c4cae4aee0421d1df
SHA1 hash: 8127fb7381f0cffd15a4074918a257ec5c9ddc1f
MD5 hash: 52a34e2268f33da39c41c313d8050103
humanhash: montana-william-skylark-quiet
File name:kinsing_aarch64
Download: download sample
File size:2'120'060 bytes
First seen:2026-02-12 01:12:11 UTC
Last seen:2026-02-12 02:20:51 UTC
File type: elf
MIME type:application/x-executable
ssdeep 49152:Slds3UPXBQSH14vZh7pIDhG9By8uCGUGan5UPiK/K5F7XlzcKGYH0ye8nanVFfl5:Slds3UPXBQSH14vZh7pIDhG9By8uCGUm
TLSH T1F3A5E7217C7EB553E9CCB6347761A2ED302E76C5D9E090369EA0CEA985F4B54CE23432
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf

Intelligence

File Origin
# of uploads :
2
# of downloads :
77
Origin country :
DE DE
Vendor Threat Intelligence
No detections
Detection(s):
SecuriteInfo.com.Trojan.Linux.GenericKD.70456.23795.32370.UNOFFICIAL
Create hunting rule

Result
Verdict:
Clean
Maliciousness:
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/f81bba00dd8c8e14833309be50a422240168801eb61e3da87636a659883fe15e
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Unknown
File Type:
elf.64.le
First seen:
2026-02-11T23:36:00Z UTC
Last seen:
2026-02-11T23:50:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/f81bba00dd8c8e14833309be50a422240168801eb61e3da87636a659883fe15e/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/35b3fc39-92a6-4eaa-8d1a-488e981c1b2c
Behavior Graph:
Download SVG
%3
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/b26ccf8c-5d85-40eb-bd5e-fb2437e949f9
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1868032
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/f81bba00dd8c8e14833309be50a422240168801eb61e3da87636a659883fe15e
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/f81bba00dd8c8e14833309be50a422240168801eb61e3da87636a659883fe15e/
Threat name:
Linux.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2026-02-12 01:12:30 UTC
File Type:
ELF64 Little (Exe)
AV detection:
8 of 24 (33.33%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7an3uag5rshbjaztbg7fbjbceqawraa6wypd3kdwg2tftcb74fpa._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/260212-bkl79sez9d/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/f81bba00dd8c8e14833309be50a422240168801eb61e3da87636a659883fe15e

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf f81bba00dd8c8e14833309be50a422240168801eb61e3da87636a659883fe15e

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3749961/
  
Delivery method
Distributed via web download

Comments