Open-source atomic malware analysis

github.com-rook-rook-v0.0.0-20260527174449-7a84015d5d81.zip

ZIP
Verdict: BENIGN
AI Legitimate Rook project source code
suspicious severity cross-file finding. Go PAN-OS OpenVPN client key
suspicious severity cross-file finding. Shell eval with base64 decode
suspicious severity cross-file finding. udev rule command persistence
suspicious severity cross-file finding. Mass file deletion pattern
notable severity cross-file finding. Command with complex redirection and piping
notable severity cross-file finding. Base64 decoding behavior
notable severity cross-file finding. Dynamic code evaluation
notable severity cross-file finding. Mass deletion action primitive
Objectives

suspicious severity, 85% confident.
anti-static/obfuscation/payload Shell eval with base64 decode
suspicious severity, 95% confident.
credential-access/cloud/token Kubernetes credential extraction
suspicious severity, 94% confident.
impact/dos NetScaler dd zero source
suspicious severity, 70% confident.
persistence/login/scheduled-task Task restart count setting
suspicious severity, 80% confident.
privilege-escalation/elevation-control sudo wget writes to privileged path
suspicious severity, 94% confident.
supply-chain/install-hook/package Python pip list metadata
notable severity, 90% confident.
command-and-control/dropper/execution Remote download piped into a shell

Micro-behaviors

notable severity, 90% confident.
communications/http/lib Creates a new HTTP request
notable severity, 90% confident.
communications/http/request Performs HTTP request (urllib, requests, httpx)
notable severity, 90% confident.
communications/ip Repeated private 192.168 HTTP URL
notable severity, 90% confident.
crypto/hash Python hmac.new operation
notable severity, 90% confident.
data/encode Imports Python base64 module

Metadata

20 of 76 traits shown

Identity

SHA-256 cf9963b70c492bfb350c2a7f37b5c4c04cb9b19113e2702ce0dd32269bf8e983
Canonical SHA-256 000e630dc3f047bd7d8ace3155c362686deef1dac22bb4dc10d30bf80c9b1759
Filename github.com-rook-rook-v0.0.0-20260527174449-7a84015d5d81.zip
Package github.com/rook/rook
Version v0.0.0-20260527174449-7a84015d5d81

Origin

Source forager
Feed pkg.go.dev
Ecosystem go
Domain golang.org
URL https://proxy.golang.org/github.com/rook/rook/@v/v0.0.0-20260527174449-7a84015d5d81.zip

Timeline

First seen 15 Jun 2026 12:42 UTC
First analyzed 16 Jun 2026 23:53 UTC
Last analyzed 16 Jun 2026 23:53 UTC
Last updated 16 Jun 2026 23:53 UTC

Labeling

Label unknown
Label source forager
Traits version 27202