4cc11e4593e1d9cc66d56c21a668412e
Hash
- MD5: 4cc11e4593e1d9cc66d56c21a668412e
- SHA1: 80e8e7be487d66b6176443dc7f5cdb3103afe6fb
- SHA256: a2b9a769df84d9d3a4694bb0252a2c6a5e5f5d1a85a04565362737092bbb3a86
- First Seen: 2026-06-08
- Last Seen: 2026-06-08
-
1
Related Reports
-
0
Related IOCs
Additional Information
VirusTotal
{
"data": {
"id": "a2b9a769df84d9d3a4694bb0252a2c6a5e5f5d1a85a04565362737092bbb3a86",
"type": "file",
"links": {
"self": "https://www.virustotal.com/api/v3/files/a2b9a769df84d9d3a4694bb0252a2c6a5e5f5d1a85a04565362737092bbb3a86"
},
"attributes": {
"sha256": "a2b9a769df84d9d3a4694bb0252a2c6a5e5f5d1a85a04565362737092bbb3a86",
"tags": [
"elf",
"64bits",
"detect-debug-environment"
],
"times_submitted": 1,
"last_analysis_stats": {
"malicious": 7,
"suspicious": 0,
"undetected": 55,
"harmless": 0,
"timeout": 0,
"confirmed-timeout": 0,
"failure": 1,
"type-unsupported": 11
},
"ssdeep": "98304:EVbRbgTKcA01MwR4SjFfE/CsZDtYT40M9ERZ42NXnbugZq9mbvbbJr7brD8ltBez:ETETysGJeC9CZugZq9Qv/5brDcIeKyU",
"type_tag": "elf",
"last_submission_date": 1780913069,
"last_analysis_results": {
"Bkav": {
"method": "blacklist",
"engine_name": "Bkav",
"engine_version": "8.2.40(8338)",
"engine_update": "20260606",
"category": "undetected",
"result": null
},
"Lionic": {
"method": "blacklist",
"engine_name": "Lionic",
"engine_version": "8.16",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Elastic": {
"method": "blacklist",
"engine_name": "Elastic",
"engine_version": "4.0.264",
"engine_update": "20260603",
"category": "undetected",
"result": null
},
"MicroWorld-eScan": {
"method": "blacklist",
"engine_name": "MicroWorld-eScan",
"engine_version": "14.0.409.0",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"ClamAV": {
"method": "blacklist",
"engine_name": "ClamAV",
"engine_version": "1.5.2.0",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"CTX": {
"method": "blacklist",
"engine_name": "CTX",
"engine_version": "2024.8.29.1",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"CAT-QuickHeal": {
"method": "blacklist",
"engine_name": "CAT-QuickHeal",
"engine_version": "22.00",
"engine_update": "20260607",
"category": "undetected",
"result": null
},
"Skyhigh": {
"method": "blacklist",
"engine_name": "Skyhigh",
"engine_version": "v2021.2.0+4045",
"engine_update": "20260607",
"category": "undetected",
"result": null
},
"ALYac": {
"method": "blacklist",
"engine_name": "ALYac",
"engine_version": "2.0.0.10",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Malwarebytes": {
"method": "blacklist",
"engine_name": "Malwarebytes",
"engine_version": "3.1.0.238",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Zillya": {
"method": "blacklist",
"engine_name": "Zillya",
"engine_version": "2.0.0.5616",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"Sangfor": {
"method": "blacklist",
"engine_name": "Sangfor",
"engine_version": "2.22.3.0",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"CrowdStrike": {
"method": "blacklist",
"engine_name": "CrowdStrike",
"engine_version": "1.0",
"engine_update": "20251219",
"category": "undetected",
"result": null
},
"K7GW": {
"method": "blacklist",
"engine_name": "K7GW",
"engine_version": "14.55.59746",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"K7AntiVirus": {
"method": "blacklist",
"engine_name": "K7AntiVirus",
"engine_version": "14.55.59745",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"VirIT": {
"method": "blacklist",
"engine_name": "VirIT",
"engine_version": "9.5.1222",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"Symantec": {
"method": "blacklist",
"engine_name": "Symantec",
"engine_version": "1.22.0.0",
"engine_update": "20260607",
"category": "undetected",
"result": null
},
"ESET-NOD32": {
"method": "blacklist",
"engine_name": "ESET-NOD32",
"engine_version": "18.2.18.0",
"engine_update": "20260608",
"category": "malicious",
"result": "Linux/Agent.AYS trojan"
},
"TrendMicro-HouseCall": {
"method": "blacklist",
"engine_name": "TrendMicro-HouseCall",
"engine_version": "24.550.0.1002",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Avast": {
"method": "blacklist",
"engine_name": "Avast",
"engine_version": "23.9.8494.0",
"engine_update": "20260608",
"category": "malicious",
"result": "ELF:Agent-EKA [Trj]"
},
"Cynet": {
"method": "blacklist",
"engine_name": "Cynet",
"engine_version": "4.0.3.4",
"engine_update": "20260608",
"category": "malicious",
"result": "Malicious (score: 99)"
},
"Kaspersky": {
"method": "blacklist",
"engine_name": "Kaspersky",
"engine_version": "22.0.1.28",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"BitDefender": {
"method": "blacklist",
"engine_name": "BitDefender",
"engine_version": "7.2",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"NANO-Antivirus": {
"method": "blacklist",
"engine_name": "NANO-Antivirus",
"engine_version": "1.0.170.26895",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"ViRobot": {
"method": "blacklist",
"engine_name": "ViRobot",
"engine_version": "2014.3.20.0",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Tencent": {
"method": "blacklist",
"engine_name": "Tencent",
"engine_version": "1.0.0.1",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Sophos": {
"method": "blacklist",
"engine_name": "Sophos",
"engine_version": "3.5.1.0",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"F-Secure": {
"method": "blacklist",
"engine_name": "F-Secure",
"engine_version": "18.10.1547.307",
"engine_update": "20260608",
"category": "malicious",
"result": "Trojan.TR/LINUX.Agent.EKA"
},
"DrWeb": {
"method": "blacklist",
"engine_name": "DrWeb",
"engine_version": "7.0.75.2070",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"VIPRE": {
"method": "blacklist",
"engine_name": "VIPRE",
"engine_version": "6.0.0.35",
"engine_update": "20260607",
"category": "undetected",
"result": null
},
"TrendMicro": {
"method": "blacklist",
"engine_name": "TrendMicro",
"engine_version": "24.550.0.1002",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"McAfeeD": {
"method": "blacklist",
"engine_name": "McAfeeD",
"engine_version": "1.2.0.14833",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Emsisoft": {
"method": "blacklist",
"engine_name": "Emsisoft",
"engine_version": "2024.8.0.61147",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"huorong": {
"method": "blacklist",
"engine_name": "huorong",
"engine_version": "73e0c6e:73e0c6e:d28a123:d28a123",
"engine_update": "20260607",
"category": "undetected",
"result": null
},
"Avast-Mobile": {
"method": "blacklist",
"engine_name": "Avast-Mobile",
"engine_version": "260608-00",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Jiangmin": {
"method": "blacklist",
"engine_name": "Jiangmin",
"engine_version": "16.0.100",
"engine_update": "20260607",
"category": "undetected",
"result": null
},
"Varist": {
"method": "blacklist",
"engine_name": "Varist",
"engine_version": "6.6.1.3",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Avira": {
"method": "blacklist",
"engine_name": "Avira",
"engine_version": "8.3.3.24",
"engine_update": "20260608",
"category": "malicious",
"result": "TR/LINUX.Agent.EKA"
},
"Antiy-AVL": {
"method": "blacklist",
"engine_name": "Antiy-AVL",
"engine_version": "3.0",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Kingsoft": {
"method": "blacklist",
"engine_name": "Kingsoft",
"engine_version": "None",
"engine_update": "20260607",
"category": "undetected",
"result": null
},
"Microsoft": {
"method": "blacklist",
"engine_name": "Microsoft",
"engine_version": "1.1.26040.8",
"engine_update": "20260608",
"category": "malicious",
"result": "Trojan:Script/Wacatac.B!ml"
},
"Gridinsoft": {
"method": "blacklist",
"engine_name": "Gridinsoft",
"engine_version": "1.0.247.174",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Xcitium": {
"method": "blacklist",
"engine_name": "Xcitium",
"engine_version": "38711",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Arcabit": {
"method": "blacklist",
"engine_name": "Arcabit",
"engine_version": "2025.0.0.23",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"SUPERAntiSpyware": {
"method": "blacklist",
"engine_name": "SUPERAntiSpyware",
"engine_version": "5.6.0.1032",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"ZoneAlarm": {
"method": "blacklist",
"engine_name": "ZoneAlarm",
"engine_version": "6.25-116107382",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"GData": {
"method": "blacklist",
"engine_name": "GData",
"engine_version": "GD:27.44833AVA:64.31380",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Google": {
"method": "blacklist",
"engine_name": "Google",
"engine_version": "1780905658",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"AhnLab-V3": {
"method": "blacklist",
"engine_name": "AhnLab-V3",
"engine_version": "3.30.0.10666",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Acronis": {
"method": "blacklist",
"engine_name": "Acronis",
"engine_version": "1.2.0.121",
"engine_update": "20240328",
"category": "undetected",
"result": null
},
"VBA32": {
"method": "blacklist",
"engine_name": "VBA32",
"engine_version": "5.6.1",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"TACHYON": {
"method": "blacklist",
"engine_name": "TACHYON",
"engine_version": "2026-06-08.02",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Zoner": {
"method": "blacklist",
"engine_name": "Zoner",
"engine_version": "2.2.2.0",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Rising": {
"method": "blacklist",
"engine_name": "Rising",
"engine_version": "25.0.0.28",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"Yandex": {
"method": "blacklist",
"engine_name": "Yandex",
"engine_version": "5.5.2.24",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"TrellixENS": {
"method": "blacklist",
"engine_name": "TrellixENS",
"engine_version": "6.0.6.653",
"engine_update": "20260607",
"category": "undetected",
"result": null
},
"SentinelOne": {
"method": "blacklist",
"engine_name": "SentinelOne",
"engine_version": "7.6.2.19",
"engine_update": "20260324",
"category": "undetected",
"result": null
},
"MaxSecure": {
"method": "blacklist",
"engine_name": "MaxSecure",
"engine_version": "1.0.0.1",
"engine_update": "20260605",
"category": "undetected",
"result": null
},
"Fortinet": {
"method": "blacklist",
"engine_name": "Fortinet",
"engine_version": "7.0.48.0",
"engine_update": "20260608",
"category": "undetected",
"result": null
},
"AVG": {
"method": "blacklist",
"engine_name": "AVG",
"engine_version": "23.9.8494.0",
"engine_update": "20260608",
"category": "malicious",
"result": "ELF:Agent-EKA [Trj]"
},
"Panda": {
"method": "blacklist",
"engine_name": "Panda",
"engine_version": "4.6.4.2",
"engine_update": "20260607",
"category": "undetected",
"result": null
},
"alibabacloud": {
"method": "blacklist",
"engine_name": "alibabacloud",
"engine_version": "2.2.0",
"engine_update": "20250321",
"category": "undetected",
"result": null
},
"Ikarus": {
"method": "blacklist",
"engine_name": "Ikarus",
"engine_version": "6.5.4.0",
"engine_update": "20260608",
"category": "failure",
"result": null
},
"SymantecMobileInsight": {
"method": "blacklist",
"engine_name": "SymantecMobileInsight",
"engine_version": "2.0",
"engine_update": "20260123",
"category": "type-unsupported",
"result": null
},
"BitDefenderFalx": {
"method": "blacklist",
"engine_name": "BitDefenderFalx",
"engine_version": "2.0.936",
"engine_update": "20260525",
"category": "type-unsupported",
"result": null
},
"tehtris": {
"method": "blacklist",
"engine_name": "tehtris",
"engine_version": "v0.1.4",
"engine_update": "20260608",
"category": "type-unsupported",
"result": null
},
"DeepInstinct": {
"method": "blacklist",
"engine_name": "DeepInstinct",
"engine_version": "5.0.0.8",
"engine_update": "20260608",
"category": "type-unsupported",
"result": null
},
"Webroot": {
"method": "blacklist",
"engine_name": "Webroot",
"engine_version": "1.9.0.8",
"engine_update": "20250227",
"category": "type-unsupported",
"result": null
},
"APEX": {
"method": "blacklist",
"engine_name": "APEX",
"engine_version": "6.786",
"engine_update": "20260607",
"category": "type-unsupported",
"result": null
},
"Paloalto": {
"method": "blacklist",
"engine_name": "Paloalto",
"engine_version": "0.9.0.1003",
"engine_update": "20260608",
"category": "type-unsupported",
"result": null
},
"Alibaba": {
"method": "blacklist",
"engine_name": "Alibaba",
"engine_version": "0.3.0.5",
"engine_update": "20190527",
"category": "type-unsupported",
"result": null
},
"Trapmine": {
"method": "blacklist",
"engine_name": "Trapmine",
"engine_version": "4.0.12.0",
"engine_update": "20260604",
"category": "type-unsupported",
"result": null
},
"Cylance": {
"method": "blacklist",
"engine_name": "Cylance",
"engine_version": "3.0.0.0",
"engine_update": "20260521",
"category": "type-unsupported",
"result": null
},
"Trustlook": {
"method": "blacklist",
"engine_name": "Trustlook",
"engine_version": "1.0",
"engine_update": "20260608",
"category": "type-unsupported",
"result": null
}
},
"tlsh": "T1F7E64867FCA915A4C0ADC135C6769627BB713C894F3023D36B50B6686F33BD0AAB9710",
"elf_info": {
"build_id": "2b1ecf8a70a295bc90274805baa0f92b1837de3a",
"header": {
"type": "EXEC (Executable file)",
"hdr_version": "1 (current)",
"num_prog_headers": 6,
"obj_version": "0x1",
"machine": "Advanced Micro Devices X86-64",
"num_section_headers": 16,
"os_abi": "UNIX - System V",
"abi_version": 0,
"entrypoint": 4771136,
"data": "2's complement, little endian",
"class": "ELF64"
},
"section_list": [
{
"name": "",
"section_type": "NULL",
"virtual_address": 0,
"physical_offset": 0,
"size": 0,
"flags": ""
},
{
"name": ".note.go.buildid",
"section_type": "NOTE",
"virtual_address": 4198264,
"physical_offset": 3960,
"size": 100,
"flags": "A"
},
{
"name": ".note.gnu.build-id",
"section_type": "NOTE",
"virtual_address": 4198364,
"physical_offset": 4060,
"size": 36,
"flags": "A"
},
{
"name": ".text",
"section_type": "PROGBITS",
"virtual_address": 4198400,
"physical_offset": 4096,
"size": 7208081,
"flags": "AX"
},
{
"name": ".rodata",
"section_type": "PROGBITS",
"virtual_address": 11407360,
"physical_offset": 7213056,
"size": 1520761,
"flags": "A"
},
{
"name": ".gopclntab",
"section_type": "PROGBITS",
"virtual_address": 12928128,
"physical_offset": 8733824,
"size": 5390069,
"flags": "A"
},
{
"name": ".typelink",
"section_type": "PROGBITS",
"virtual_address": 18318208,
"physical_offset": 14123904,
"size": 13804,
"flags": "A"
},
{
"name": ".itablink",
"section_type": "PROGBITS",
"virtual_address": 18332032,
"physical_offset": 14137728,
"size": 4456,
"flags": "A"
},
{
"name": ".go.buildinfo",
"section_type": "PROGBITS",
"virtual_address": 18337792,
"physical_offset": 14143488,
"size": 2048,
"flags": "WA"
},
{
"name": ".go.fipsinfo",
"section_type": "PROGBITS",
"virtual_address": 18339840,
"physical_offset": 14145536,
"size": 120,
"flags": "WA"
},
{
"name": ".go.module",
"section_type": "PROGBITS",
"virtual_address": 18339968,
"physical_offset": 14145664,
"size": 592,
"flags": "WA"
},
{
"name": ".noptrdata",
"section_type": "PROGBITS",
"virtual_address": 18340576,
"physical_offset": 14146272,
"size": 400417,
"flags": "WA"
},
{
"name": ".data",
"section_type": "PROGBITS",
"virtual_address": 18741024,
"physical_offset": 14546720,
"size": 107634,
"flags": "WA"
},
{
"name": ".bss",
"section_type": "NOBITS",
"virtual_address": 18848672,
"physical_offset": 14654368,
"size": 148344,
"flags": "WA"
},
{
"name": ".noptrbss",
"section_type": "NOBITS",
"virtual_address": 18997024,
"physical_offset": 14802720,
"size": 33711552,
"flags": "WA"
},
{
"name": ".shstrtab",
"section_type": "STRTAB",
"virtual_address": 0,
"physical_offset": 14655488,
"size": 162,
"flags": ""
}
],
"segment_list": [
{
"segment_type": "PHDR",
"resources": []
},
{
"segment_type": "NOTE",
"resources": [
".note.go.buildid"
]
},
{
"segment_type": "LOAD",
"resources": [
".note.go.buildid",
".note.gnu.build-id",
".text"
]
},
{
"segment_type": "LOAD",
"resources": [
".rodata",
".gopclntab",
".typelink",
".itablink"
]
},
{
"segment_type": "LOAD",
"resources": [
".go.buildinfo",
".go.fipsinfo",
".go.module",
".noptrdata",
".data",
".bss",
".noptrbss"
]
},
{
"segment_type": "GNU_STACK",
"resources": []
}
]
},
"meaningful_name": "0x6cnjfyg.exe",
"trid": [
{
"file_type": "ELF Executable and Linkable format (Linux)",
"probability": 50.1
},
{
"file_type": "ELF Executable and Linkable format (generic)",
"probability": 49.8
}
],
"size": 14655650,
"last_analysis_date": 1780913069,
"unique_sources": 1,
"type_description": "ELF",
"reputation": 0,
"last_modification_date": 1780916672,
"md5": "4cc11e4593e1d9cc66d56c21a668412e",
"filecondis": {
"dhash": "00203e3c3e0d1000",
"raw_md5": "582902c59dbe73b58386b6bb006997ce"
},
"detectiteasy": {
"filetype": "ELF64",
"values": [
{
"info": "EXEC AMD64-64",
"type": "Operation system",
"name": "Unix"
},
{
"info": "EXEC AMD64-64",
"version": "1.10.x-1.17.x",
"type": "Compiler",
"name": "Go"
}
]
},
"vhash": "77ac44bddf4050b946718bc38ad0cf3e",
"sha1": "80e8e7be487d66b6176443dc7f5cdb3103afe6fb",
"first_submission_date": 1780913069,
"type_tags": [
"executable",
"linux",
"elf"
],
"magic": "ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, Go BuildID=nZgq0wmBWEAIuZ0eYxtm/LlvJ2J_VOE3CrshVuvXa/PL7RP6qFaEPwj2BBOk2m/QSXcjiw179Rt8WN9jhlc, BuildID[sha1]=2b1ecf8a70a295bc90274805baa0f92b1837de3a, stripped",
"popular_threat_classification": {
"suggested_threat_label": "trojan.",
"popular_threat_category": [
{
"value": "trojan",
"count": 3
}
]
},
"names": [
"0x6cnjfyg.exe",
"google-update-support-linux-amd64"
],
"total_votes": {
"harmless": 0,
"malicious": 0
},
"telfhash": "t1404383b1866434f4b576d925e7fa30b0d63728b327e438f0447abca2ef60d851826d5e",
"crowdsourced_yara_results": [
{
"ruleset_id": "0122a7f913",
"ruleset_version": "0122a7f913|589bbefc22847193cac455858fa15e627d671918",
"ruleset_name": "Windows_API_Function",
"rule_name": "Windows_API_Function",
"match_date": 1780916672,
"description": "This signature detects the presence of a number of Windows API functionality often seen within embedded executables. When this signature alerts on an executable, it is not an indication of malicious behavior. However, if seen firing in other file types, deeper investigation may be warranted.",
"author": "InQuest Labs",
"source": "https://github.com/InQuest/yara-rules-vt"
},
{
"ruleset_id": "00c3b8eb5d",
"ruleset_version": "00c3b8eb5d|e76c93dcdedff04076380ffc60ea54e45b313635",
"ruleset_name": "indicator_suspicious",
"rule_name": "INDICATOR_SUSPICIOUS_Binary_Embedded_Crypto_Wallet_Browser_Extension_IDs",
"match_date": 1780916672,
"description": "Detect binaries embedding considerable number of cryptocurrency wallet browser extension IDs.",
"author": "ditekSHen",
"source": "https://github.com/ditekshen/detection"
},
{
"ruleset_id": "01548f5e9f",
"ruleset_version": "01548f5e9f|fc8633fd1aca367bd7e986a2e62f6851b150ad8f",
"ruleset_name": "Macos_Infostealer_Wallets",
"rule_name": "Macos_Infostealer_Wallets_8e469ea0",
"match_date": 1780916672,
"author": "Elastic Security",
"source": "https://github.com/elastic/protections-artifacts"
}
]
}
}
}