MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fa10ddd4612c5870b5903feac91e2ee155471ee9e8ccbc74d19fce715ae8a2e5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 8

Intelligence 8 IOCs YARA 3 File information Comments

SHA256 hash:	fa10ddd4612c5870b5903feac91e2ee155471ee9e8ccbc74d19fce715ae8a2e5
SHA3-384 hash:	6e5ad95e67a96862f7d1e80ec3f573bf1debb6fd3c3de84c7440393989ce1f29cffe1d605f5123dce98ff0e10d455519
SHA1 hash:	5282629b9f591152b17478f75b582713eafaaedc
MD5 hash:	09a6f3159c0a39095f14fd497a50bb15
humanhash:	massachusetts-uranus-arkansas-alpha
File name:	aarch64
Download:	download sample
File size:	509'896 bytes
First seen:	2025-07-13 05:20:56 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	6144:O/izeB+/ow3gK2lc5bvyI0vOHD6BZkDgn358cIF3RI5HkdY1FP98/8ecjfP:3BohHKTyfvOHD6ByD4WcIMkuDmEesP
TLSH	T132B41228EE4E3891F3D1E3B8DA0A4BB1B05B7DD0C166C1B2BA41E25D95EDDDEC5D0212
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika	elf
Reporter	abuse_ch
Tags:	elf

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.32057.LX.BOT.UNOFFICIAL

Sanesecurity.Malware.32058.LX.BOT.UNOFFICIAL

Verdict:

Clean

Score:

99.9%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6873424bc9eb97473768a6aelinux22vpnfull_triage

Tags:

n/a

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creates directories

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

exploit gcc lolbin packed remote

Link:

https://www.filescan.io/uploads/6873424912edf4d3152add18/reports/deaaf651-b148-48cf-8909-e2b590e8178d/overview

Verdict:

Malicious

Uses P2P?:

true

Uses anti-vm?:

false

Architecture:

arm

Packer:

custom

Botnet:

unknown

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/fa10ddd4612c5870b5903feac91e2ee155471ee9e8ccbc74d19fce715ae8a2e5

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

type: 162.159.200.123:123
type: 130.239.18.158:6881
type: 67.215.246.10:6881
type: 87.197.188.206:6881
type: 185.246.34.49:6881
type: 5.167.107.63:6881
type: 89.88.140.192:6881
type: 95.221.254.44:6881
type: 95.233.57.39:6881
type: 220.137.186.113:6881
type: 111.95.216.129:6881
type: 213.174.232.178:6881
type: 91.86.139.57:6881
type: 84.67.158.17:6881
type: 79.164.106.118:6881
type: 114.253.243.135:6881
type: 207.204.228.9:6881
type: 175.203.161.152:6881
type: 135.19.153.132:6881
type: 186.128.30.67:6881
type: 187.251.215.190:6881
type: 115.50.156.34:6881
type: 84.247.141.118:6881
type: 142.171.125.191:6881
type: 202.21.11.250:6881
type: 75.158.220.234:6881
type: 41.135.93.132:6881
type: 170.64.212.53:6881
type: 18.191.2.28:6881
type: 18.188.31.0:6881
type: 192.227.221.84:6881
type: 54.194.137.170:6881
type: 5.158.110.128:6881
type: 54.214.105.212:6881
type: 54.214.62.31:6881
type: 51.222.32.203:6881
type: 82.56.56.225:6881
type: 45.179.80.65:6881
type: 137.103.164.219:6881
type: 67.171.197.164:6881
type: 130.239.18.158:8580
type: 195.154.233.74:6880
type: 45.203.154.72:6880
type: 45.203.154.67:6880
type: 34.235.218.124:6880
type: 3.16.242.66:6880
type: 147.135.11.99:6880
type: 18.190.107.194:6880
type: 173.230.130.111:6880
type: 130.239.18.158:8516
type: 178.162.173.91:28003
type: 178.162.173.32:28003
type: 130.239.18.158:8597
type: 130.239.18.158:8513
type: 130.239.18.158:8524
type: 135.181.227.244:50000
type: 135.181.238.113:50000
type: 142.132.203.57:50000
type: 37.27.119.252:50000
type: 37.27.117.175:50000
type: 65.21.128.211:50000
type: 37.27.117.125:50000
type: 37.27.117.60:50000
type: 178.162.174.1:28007
type: 178.162.174.11:28007
type: 45.87.250.224:50171
type: 212.7.202.40:28030
type: 89.149.200.92:28081
type: 195.154.222.93:51413
type: 85.195.240.18:51413
type: 87.205.127.160:51413
type: 185.13.36.21:51413
type: 109.195.28.245:51413
type: 95.211.84.139:51413
type: 51.254.24.29:51413
type: 5.79.66.14:51413
type: 94.45.82.126:51413
type: 78.96.226.202:51413
type: 176.62.186.8:51413
type: 89.80.162.180:51413
type: 68.38.217.18:51413
type: 178.64.27.153:51413
type: 82.36.195.155:51413
type: 115.212.205.227:51413
type: 72.189.99.47:51413
type: 213.133.111.29:51413
type: 46.4.59.237:51413
type: 109.130.174.62:51413
type: 5.135.156.163:56843
type: 178.162.173.202:28001
type: 185.149.91.163:51003
type: 185.203.56.49:17129
type: 5.79.73.138:28013
type: 193.14.193.189:51414
type: 85.255.56.81:20483
type: 158.46.60.166:20483
type: 36.255.7.211:36536
type: 83.149.117.215:58175
type: 130.239.18.158:8507
type: 174.2.49.45:30739
type: 178.162.173.66:28000
type: 178.162.174.234:28000
type: 46.216.2.241:22223
type: 103.140.3.3:56625
type: 101.36.123.102:34327
type: 89.149.202.3:28019
type: 138.199.53.230:34679
type: 185.203.56.54:61454
type: 151.242.149.23:8000
type: 219.78.14.141:12957
type: 96.42.166.186:11914
type: 46.232.211.27:64118
type: 88.148.190.127:60349
type: 125.228.55.136:35012
type: 57.129.45.81:8658
type: 189.5.81.237:50321
type: 97.96.251.223:50321
type: 177.226.75.255:52683
type: 189.172.168.134:53779
type: 212.159.87.159:6889
type: 104.220.51.236:6889
type: 153.165.57.202:6889
type: 178.79.118.227:6889
type: 82.96.51.52:45050
type: 133.32.178.248:1025
type: 221.118.242.208:26459
type: 159.223.162.113:8083
type: 89.22.197.168:33717
type: 178.162.174.163:28009
type: 166.70.252.135:35551
type: 89.255.71.199:59147
type: 221.161.133.125:40876
type: 45.166.207.127:13300
type: 81.171.6.43:28006
type: 95.211.252.113:28006
type: 213.152.186.40:51010
type: 195.154.167.39:8674
type: 77.82.202.91:49001
type: 174.74.122.190:49001
type: 72.21.17.39:24254
type: 89.142.59.41:19121
type: 45.137.83.204:49643
type: 189.203.131.71:21428
type: 203.56.145.8:58235
type: 89.134.8.242:6309
type: 89.143.169.197:57731
type: 1.220.160.10:7840
type: 199.195.149.217:23908
type: 81.171.6.81:17417
type: 95.217.33.172:55183
type: 203.198.102.186:25798
type: 61.80.135.129:32885
type: 115.164.177.97:26555
type: 109.153.252.30:19109
type: 141.8.205.125:57291
type: 65.108.143.34:56480
type: 152.53.45.107:7231
type: 54.209.131.199:6992
type: 54.77.218.23:6992
type: 54.39.52.64:29129
type: 47.89.251.173:7777
type: 194.29.101.83:10240
type: 152.53.52.107:10240
type: 27.61.42.90:47078
type: 103.177.27.83:12879
type: 45.164.96.202:15030
type: 37.6.236.231:25771
type: 189.6.236.231:16796
type: 54.39.52.64:48853
type: 38.134.41.130:32681
type: 23.95.11.50:65524
type: 45.190.149.60:20347
type: 41.107.201.40:38433
type: 121.160.47.19:42277
type: 176.152.122.107:48651
type: 95.211.145.143:15137
type: 191.101.31.60:57956
type: 60.73.45.180:48542
type: 89.132.219.77:20309
type: 126.26.198.178:17868
type: 144.76.175.153:56428
type: 144.76.175.153:40067
type: 37.27.113.233:56451
type: 195.154.185.217:27887
type: 144.76.175.153:56452
type: 80.28.174.182:23061
type: 93.41.125.118:24578
type: 143.198.96.58:21835
type: 109.164.100.72:45896
type: 178.162.173.148:28014
type: 144.76.175.153:56113
type: 43.154.161.39:46754
type: 185.21.217.20:50635
type: 213.91.213.13:57545
type: 121.184.29.213:7551
type: 221.44.213.31:62363
type: 144.76.175.153:38603
type: 2.229.212.11:20602
type: 81.171.10.39:15177
type: 130.62.134.144:19095
type: 212.7.200.120:29471
type: 72.53.118.67:27282
type: 69.249.14.254:57838

Status:

terminated

Link:

https://sandbox.kunai.rocks/analysis/09f918e9-8165-43d3-a72e-2d1dced74b45

Behavior Graph:

Download SVG

Verdict:

Unknown

Link:

https://analyze.intezer.com/analyses/aeb23f55-c84f-42b0-ab58-d63f7b457712

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/fa10ddd4612c5870b5903feac91e2ee155471ee9e8ccbc74d19fce715ae8a2e5

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/fa10ddd4612c5870b5903feac91e2ee155471ee9e8ccbc74d19fce715ae8a2e5/

Threat name:

Linux.Trojan.SAgnt

Status:

Malicious

First seen:

2025-07-13 05:21:13 UTC

File Type:

ELF64 Little (Exe)

AV detection:

15 of 24 (62.50%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=7iin3vdbfrmhbnmqh7vmshro4fkuohxj5dgly5grt7hhcwxiulsq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/250713-f114ksxyfv/

Verdict:

Malicious

Tags:

n/a

YARA:

n/a

Link:

https://app.threat.zone/submission/cb75cb64-0c14-46ab-9188-3be89f60a91b

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/fa10ddd4612c5870b5903feac91e2ee155471ee9e8ccbc74d19fce715ae8a2e5

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	linux_generic_ipv6_catcher Create hunting rule
Author:	@_lubiedo
Description:	ELF samples using IPv6 addresses

Rule name:	Sus_Obf_Enc_Spoof_Hide_PE Create hunting rule
Author:	XiAnzheng
Description:	Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)

Rule name:	unixredflags3 Create hunting rule
Author:	Tim Brown @timb_machine
Description:	Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf fa10ddd4612c5870b5903feac91e2ee155471ee9e8ccbc74d19fce715ae8a2e5

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/3558221/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample