Joe Sandbox Cloud Basic Analysis Report
Edit tour

Linux Analysis Report
rhash

Overview

General Information

Sample name:rhash
Analysis ID:1672711
MD5:fe63e957fbb77f728e922d03398fa263
SHA1:c6310e5e7c4fe6e4ecc5f17f8dc3c5221f0e215c
SHA256:13f77c480c860fba3cb7aafeb79620c48854b8181d6565e4c705de2666058cbe

Detection

Score:48
Range:0 - 100

Signatures

Multi AV Scanner detection for submitted file
Sample has stripped symbol table

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

General Information

Joe Sandbox version:42.0.0 Malachite
Analysis ID:1672711
Start date and time:2025-04-24 07:55:44 +02:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 3m 43s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:default
Sample name:rhash
Detection:MAL
Classification:mal48.lin@0/0@0/0

Runtime Messages

Command:/tmp/rhash
PID:4713
Exit Code:127
Exit Code Info:
Killed:False
Standard Output:

Standard Error:/tmp/rhash: error while loading shared libraries: librhash.so.1: cannot open shared object file: No such file or directory

Process Tree

  • system is lnxubuntu1
  • rhash (PID: 4713, Parent: 4615, MD5: fe63e957fbb77f728e922d03398fa263) Arguments: /tmp/rhash
  • cleanup

Yara Signatures

No yara matches

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

  • AV Detection
  • Networking
  • System Summary

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: rhashReversingLabs: Detection: 29%
Source: rhashVirustotal: Detection: 9%Perma Link
Source: rhashString found in binary or memory: http://rhash.sf.net/
Source: ELF static info symbol of initial sample.symtab present: no
Source: classification engineClassification label: mal48.lin@0/0@0/0

Mitre Att&ck Matrix

No Mitre Att&ck techniques found

Malware Configuration

No configs have been found

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Number of created Files
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1672711 Sample: rhash Startdate: 24/04/2025 Architecture: LINUX Score: 48 7 Multi AV Scanner detection for submitted file 2->7 5 rhash 2->5         started        process3

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
rhash29%ReversingLabsLinux.Trojan.Generic
rhash9%VirustotalBrowse

Dropped Files

No Antivirus matches

Domains

No Antivirus matches

URLs

No Antivirus matches

Domains and IPs

Contacted Domains

No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://rhash.sf.net/rhashtrue
    		unknown

    World Map of Contacted IPs

    No contacted IP infos

    Joe Sandbox View / Context

    IPs

    No context

    Domains

    No context

    ASNs

    No context

    JA3 Fingerprints

    No context

    Dropped Files

    No context

    Created / dropped Files

    No created / dropped files found

    Static File Info

    General

    File type:ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=b956690bdb370842b2faa5f6be481319b4ac1dfc, for GNU/Linux 4.4.0, stripped
    Entropy (8bit):5.62015127010672
    TrID:
    • ELF Executable and Linkable format (Linux) (4029/14) 49.77%
    • ELF Executable and Linkable format (generic) (4004/1) 49.46%
    • Lumena CEL bitmap (63/63) 0.78%
    File name:rhash
    File size:96'000 bytes
    MD5:fe63e957fbb77f728e922d03398fa263
    SHA1:c6310e5e7c4fe6e4ecc5f17f8dc3c5221f0e215c
    SHA256:13f77c480c860fba3cb7aafeb79620c48854b8181d6565e4c705de2666058cbe
    SHA512:1fd4b5f8facfebe9ada27a006c1f2bcfae1074f31b4d983f80ff4c72768cfe32f2cba37839299f4b207400c54b679c4ee8a85d9078e50bf4bb05116c2229b8e6
    SSDEEP:1536:OTur1qhqRI+kh5Mrc7GHV71zv3EMASByjfoU2nsBF9H:OTur1CqRI+G60G3fSSByj+4H
    TLSH:20934A06B5A218FDC155C530826BD6335B3678A051213B7F3A94AA3C3F56F253F6EEA0
    File Content Preview:.ELF..............>.....@6......@........p..........@.8...@.............@.......@.......@........................................................................................................................................................0.......0.....

    Static ELF Info

    ELF header

    Class:ELF64
    Data:2's complement, little endian
    Version:1 (current)
    Machine:Advanced Micro Devices X86-64
    Version Number:0x1
    Type:DYN (Shared object file)
    OS/ABI:UNIX - System V
    ABI Version:0
    Entry Point Address:0x3640
    Flags:0x0
    ELF Header Size:64
    Program Header Offset:64
    Program Header Size:56
    Number of Program Headers:13
    Section Header Offset:94336
    Section Header Size:64
    Number of Section Headers:26
    Header String Table Index:25

    Sections

    NameTypeAddressOffsetSizeEntSizeFlagsFlags DescriptionLinkInfoAlign
    NULL0x00x00x00x00x0000
    .interpPROGBITS0x3180x3180x1c0x00x2A001
    .note.gnu.propertyNOTE0x3380x3380x500x00x2A008
    .note.gnu.build-idNOTE0x3880x3880x240x00x2A004
    .note.ABI-tagNOTE0x3ac0x3ac0x200x00x2A004
    .gnu.hashGNU_HASH0x3d00x3d00x340x00x2A608
    .dynsymDYNSYM0x4080x4080x8d00x180x2A718
    .dynstrSTRTAB0xcd80xcd80x48c0x00x2A001
    .gnu.versionVERSYM0x11640x11640xbc0x20x2A602
    .gnu.version_rVERNEED0x12200x12200x800x00x2A718
    .rela.dynRELA0x12a00x12a00x1c200x180x2A608
    .initPROGBITS0x30000x30000x1b0x00x6AX004
    .textPROGBITS0x30200x30200xd8550x00x6AX0016
    .finiPROGBITS0x108780x108780xd0x00x6AX004
    .rodataPROGBITS0x110000x110000x1f240x00x2A0032
    .eh_frame_hdrPROGBITS0x12f240x12f240x51c0x00x2A004
    .eh_framePROGBITS0x134400x134400x1edc0x00x2A008
    .init_arrayINIT_ARRAY0x16b480x15b480x80x80x3WA008
    .fini_arrayFINI_ARRAY0x16b500x15b500x80x80x3WA008
    .dynamicDYNAMIC0x16b580x15b580x1c00x100x3WA708
    .gotPROGBITS0x16d180x15d180x2e80x80x3WA008
    .dataPROGBITS0x170000x160000xf500x00x3WA0032
    .bssNOBITS0x17f600x16f500x19000x00x3WA0032
    .commentPROGBITS0x00x16f500x1b0x10x30MS001
    .gnu_debuglinkPROGBITS0x00x16f6c0x100x00x0004
    .shstrtabSTRTAB0x00x16f7c0x1020x00x0001

    Program Segments

    TypeOffsetVirtual AddressPhysical AddressFile SizeMemory SizeEntropyFlagsFlags DescriptionAlignProg InterpreterSection Mappings
    PHDR0x400x400x400x2d80x2d81.82360x4R 0x8
    INTERP0x3180x3180x3180x1c0x1c3.94080x4R 0x1/lib64/ld-linux-x86-64.so.2.interp
    LOAD0x00x00x00x2ec00x2ec02.73770x4R 0x1000.interp .note.gnu.property .note.gnu.build-id .note.ABI-tag .gnu.hash .dynsym .dynstr .gnu.version .gnu.version_r .rela.dyn
    LOAD0x30000x30000x30000xd8850xd8856.21100x5R E0x1000.init .text .fini
    LOAD0x110000x110000x110000x431c0x431c5.77930x4R 0x1000.rodata .eh_frame_hdr .eh_frame
    LOAD0x15b480x16b480x16b480x14080x2d181.52730x6RW 0x1000.init_array .fini_array .dynamic .got .data .bss
    DYNAMIC0x15b580x16b580x16b580x1c00x1c01.53840x6RW 0x8.dynamic
    NOTE0x3380x3380x3380x500x501.89760x4R 0x8.note.gnu.property
    NOTE0x3880x3880x3880x440x443.33780x4R 0x4.note.gnu.build-id .note.ABI-tag
    GNU_PROPERTY0x3380x3380x3380x500x501.89760x4R 0x8.note.gnu.property
    GNU_EH_FRAME0x12f240x12f240x12f240x51c0x51c4.85650x4R 0x4.eh_frame_hdr
    GNU_STACK0x00x00x00x00x00.00000x6RW 0x10
    GNU_RELRO0x15b480x16b480x16b480x4b80x4b80.73070x4R 0x1.init_array .fini_array .dynamic .got

    Dynamic Tags

    TypeMetaValueTag
    DT_NEEDEDsharedliblibrhash.so.10x1
    DT_NEEDEDsharedliblibc.so.60x1
    DT_INITvalue0x30000xc
    DT_FINIvalue0x108780xd
    DT_INIT_ARRAYvalue0x16b480x19
    DT_INIT_ARRAYSZbytes80x1b
    DT_FINI_ARRAYvalue0x16b500x1a
    DT_FINI_ARRAYSZbytes80x1c
    DT_GNU_HASHvalue0x3d00x6ffffef5
    DT_STRTABvalue0xcd80x5
    DT_SYMTABvalue0x4080x6
    DT_STRSZbytes11640xa
    DT_SYMENTbytes240xb
    DT_DEBUGvalue0x00x15
    DT_RELAvalue0x12a00x7
    DT_RELASZbytes72000x8
    DT_RELAENTbytes240x9
    DT_FLAGSvalue0x80x1e
    DT_FLAGS_1value0x80000010x6ffffffb
    DT_VERNEEDvalue0x12200x6ffffffe
    DT_VERNEEDNUMvalue10x6fffffff
    DT_VERSYMvalue0x11640x6ffffff0
    DT_RELACOUNTvalue2070x6ffffff9
    DT_NULLvalue0x00x0

    Symbols

    NameVersion Info NameVersion Info File NameSection NameValueSizeSymbol TypeSymbol BindSymbol VisibilityNdx
    .dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
    _ITM_deregisterTMCloneTable.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
    _ITM_registerTMCloneTable.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
    __ctype_b_locGLIBC_2.3libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __ctype_tolower_locGLIBC_2.3libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __ctype_toupper_locGLIBC_2.3libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __cxa_finalizeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __errno_locationGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __fprintf_chkGLIBC_2.3.4libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __gmon_start__.dynsym0x00NOTYPE<unknown>DEFAULTSHN_UNDEF
    __libc_start_mainGLIBC_2.34libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __sprintf_chkGLIBC_2.3.4libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __stack_chk_failGLIBC_2.4libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __strcpy_chkGLIBC_2.3.4libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    __vfprintf_chkGLIBC_2.3.4libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    accessGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    bindtextdomainGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    callocGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    closedirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    dcgettextGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    exitGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    fcloseGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    feofGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    ferrorGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    fflushGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    fgetcGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    fgetsGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    filenoGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    fopen64GLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    fputcGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    fputsGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    freadGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    freeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    fseekGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    ftellGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    fwriteGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    getenvGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    gettimeofdayGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    isattyGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    localtimeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    lstat64GLIBC_2.33libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    mallocGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    memcmpGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    memcpyGLIBC_2.14libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    memsetGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    opendirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    posix_fadvise64GLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    putcGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    qsortGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    readdirGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    reallocGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    renameGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_count.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_file_update.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_final.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_free.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_get_digest_size.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_get_magnet_name.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_get_name.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_init.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_library_init.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_msg.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_print.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_reset.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_set_callback.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_torrent_add_announce.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_torrent_add_file.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_torrent_generate_content.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_torrent_set_batch_size.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_torrent_set_options.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_torrent_set_piece_length.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_torrent_set_program_name.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_transmit.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    rhash_update.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    setlocaleGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    signalGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    stat64GLIBC_2.33libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    stderrGLIBC_2.2.5libc.so.6.dynsym0x17f808OBJECT<unknown>DEFAULT22
    stdinGLIBC_2.2.5libc.so.6.dynsym0x17f708OBJECT<unknown>DEFAULT22
    stdoutGLIBC_2.2.5libc.so.6.dynsym0x17f608OBJECT<unknown>DEFAULT22
    strchrGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strcmpGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strcpyGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strcspnGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strdupGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strerrorGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strlenGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strncmpGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strrchrGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strspnGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strstrGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    strtolGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    textdomainGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF
    timeGLIBC_2.2.5libc.so.6.dynsym0x00FUNC<unknown>DEFAULTSHN_UNDEF

    Network Behavior

    No network behavior found

    System Behavior

    General

    Start time (UTC):05:56:21
    Start date (UTC):24/04/2025
    Path:/tmp/rhash
    Arguments:/tmp/rhash
    File size:96000 bytes
    MD5 hash:fe63e957fbb77f728e922d03398fa263

    File Activities