MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0260e5bed704a0ae0007c4bd1c0d3927f3295e40e63678e419b8ba95308e2679. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 8



SHA256 hash: 0260e5bed704a0ae0007c4bd1c0d3927f3295e40e63678e419b8ba95308e2679
SHA3-384 hash: dcb6ffc6d40aaa310b3fd6e8177b5df11677d6e66f5065d73051ec8cc9600cb954383981967bb370242816885f03f717
SHA1 hash: 2cec875d61852c3f0f771e298472babdba105683
MD5 hash: 6a13173b67753881561a965e878df532
humanhash: two-kilo-mexico-kansas
File name: armageddon.sh
Signature: Gafgyt
File size: 1'106 bytes
First seen: 2026-02-17 17:29:05 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep: 12:9US37SWSMXS9NSRwI2SEeScCSt5S9LCS962S927SP2S9K2SErgShUs94SYK:y69/GcwBOMe1V2bB2bgkp94SYK
TLSH: T1961100FA7420B5B13478897D309B08D187C705FEF475635FEC692C65258981E39E8D92
TrID: 70.0% (.SH) Linux/UNIX shell script (7000/1); 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika: shell
Reporter: abuse_ch
Tags: gafgyt sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 76
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.p, HEUR:Trojan-Downloader.Shell.Agent.gen, HEUR:Trojan-Downloader.Shell.Agent.bc
Status: terminated
Behavior Graph:
Threat name: Linux.Trojan.Vigorf
Status: Malicious
First seen: 2026-02-17 18:11:45 UTC
AV detection: 9 of 24 (37.50%)
Threat level: 5/5
Result
Malware family:
Score: 10/10
Tags: family:gafgyt botnet defense_evasion discovery linux
Behaviour
System Network Configuration Discovery
Writes file to tmp directory
Reads system network configuration
Reads system routing table
File and Directory Permissions Modification
Executes dropped EXE
Detected Gafgyt variant
Gafgyt family
Gafgyt/Bashlite
Malware Config
C2 Extraction: 127.0.0.1:839
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh 0260e5bed704a0ae0007c4bd1c0d3927f3295e40e63678e419b8ba95308e2679

(this sample)

  
Delivery method: Distributed via web download

Comments