MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fdee2e34212170af59a95701317f220e9bdedfd8ee579bc485e0534410da42e7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Threat unknown


Vendor detections: 7


Intelligence 7 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fdee2e34212170af59a95701317f220e9bdedfd8ee579bc485e0534410da42e7
SHA3-384 hash: 834b069ef4477e14b9f3889c27d4ab4aed07064d80c3ab25ed6904978dbb9580c12a19d8cdcd119dc3089dcd716bcaf7
SHA1 hash: 2b9908fed54fdb89d96659b524784a929aa1613b
MD5 hash: 7442703232ea59581c65a36de2398c32
humanhash: summer-shade-one-butter
File name:fdee2e34212170af59a95701317f220e9bdedfd8ee579bc485e0534410da42e7.bin
Download: download sample
File size:829'120 bytes
First seen:2024-10-02 22:55:06 UTC
Last seen:2024-10-03 13:23:23 UTC
File type: elf
MIME type:application/x-sharedlib
ssdeep 12288:36WMJ9LyCRI2nJHbR6FimOGWqQtznu1nzrv0ap7jTEu+4J:3NbM3ektjulE4J
TLSH T13005160AFF64A91FCD19433958FB1324B3F1C4896772971BA2D8B2382EE77895E05784
telfhash t1b3c08c54cd590b0ecb731de2cc3a5b7812030e4bafc8db000fab90c842102ad02864bf
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter signalblur
Tags:elf rootkit Snapekit


Avatar
signalblur
Linux rootkit targeting Arch Linux

Intelligence

File Origin
# of uploads :
3
# of downloads :
219
Origin country :
US US
Vendor Threat Intelligence
Result
Verdict:
Clean
Maliciousness:
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
gcc masquerade
Link:
https://www.filescan.io/uploads/66fdcf83168559661d51dd76/reports/3b2c4de9-a028-4066-9738-db79ce83ef51/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
x86
Packer:
not packed
Botnet:
unknown
Number of open files:
13
Number of processes launched:
1
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/fdee2e34212170af59a95701317f220e9bdedfd8ee579bc485e0534410da42e7
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Unknown
Link:
https://analyze.intezer.com/analyses/c78d1324-9154-4635-8e4e-7112230b2a7b
Result
Threat name:
n/a
Detection:
clean
Classification:
n/a
Score:
1 / 100
Link:
https://www.joesandbox.com/analysis/1524598
Behaviour
Behavior Graph:
n/a
Score:
0%
Verdict:
Benign
File Type:
ELF
Link:
https://malprob.io/report/fdee2e34212170af59a95701317f220e9bdedfd8ee579bc485e0534410da42e7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fdee2e34212170af59a95701317f220e9bdedfd8ee579bc485e0534410da42e7/
Threat name:
Linux.Dropper.Snapekit
Create hunting rule
Status:
Malicious
First seen:
2024-09-29 20:22:32 UTC
File Type:
ELF64 Little (SO)
AV detection:
11 of 38 (28.95%)
Threat level:
  3/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7xxc4nbbefyk6wnjk4atc7zcb2n55x6y5zlzxref4bjuieg2iltq._file
Result
Malware family:
n/a
Score:
  7/10
Tags:
discovery linux rootkit
Link:
https://tria.ge/reports/241002-2wnhks1gqq/
Behaviour
Reads runtime system information
Changes its process name
Deletes itself
Loads a kernel module
Traces itself
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/94dc45a5-1e29-40a7-8b80-fbce1576f5b8
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
0.85
Link:
https://yomi.yoroi.company/submissions/fdee2e34212170af59a95701317f220e9bdedfd8ee579bc485e0534410da42e7

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:F01_s1ckrule
Create hunting rule
Author:s1ckb017
Rule name:setsockopt
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for setsockopt() red flags
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
X
https://x.com/genthreatlabs/status/1841482299558215698?s=46

Comments