MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0723e82ec096c58bb36a9bcb8c3523d48d5b273232f79c8fdf573fb10d1bef24. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 9



SHA256 hash: 0723e82ec096c58bb36a9bcb8c3523d48d5b273232f79c8fdf573fb10d1bef24
SHA3-384 hash: 2f9ff38ae729b93bef36bad802a56557edc8c1053ae2012fb049778390bd4a040f6cfe67a1859481247ed4bde6587d99
SHA1 hash: 58a14b08f6e11d1d3aa0ad35da9564ffed9bd022
MD5 hash: 93d1210b3d3e990f7e928787e59c9e28
humanhash: wyoming-sink-beryllium-tennessee
File name: NPD4
Signature: Gafgyt
File size: 79'176 bytes
First seen: 2026-04-30 20:37:20 UTC
Last seen: Never
File type: elf
MIME type: application/x-sharedlib
ssdeep 1536:GFMmB5TKh4v1V+e6Hfv2i546L1xZyhA7kM9PYE:GF/eh4tVx6pe6RxScPY
TLSH T177731808FD63C1F6F64344B4416A5F505F709C2BB0E3D6A2FF446B629936716AF18A2C
telfhash t1dd1110a042c0ae49daf8c9a2e3fdf3200c68c4b638853b6135d458ac4c67cc8b034f7a
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf gafgyt
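The digests and file-type fields above are what an analyst checks first after pulling the sample. The script below is an added example, not code from MalwareBazaar or from the sample's author: it recomputes the four cryptographic digests the entry lists, decodes the ELF32 header fields that explain the "elf.32.le", x86 and application/x-sharedlib values, and looks for the UPX marker that the "Packer: UPX" field implies. Only the standard library is used (ssdeep, TLSH and telfhash need third-party packages and are not computed). The inline byte string is a constructed stand-in, not the real sample, so its digests mismatch on purpose.

```python
"""Added triage example (not MalwareBazaar or sample code): check a file on
disk against the digests and file-type data the entry lists."""
import hashlib
import struct

# Digests copied from the entry above.
EXPECTED = {
    "sha256": "0723e82ec096c58bb36a9bcb8c3523d48d5b273232f79c8fdf573fb10d1bef24",
    "sha3_384": "2f9ff38ae729b93bef36bad802a56557edc8c1053ae2012fb049778390bd4a040f6cfe67a1859481247ed4bde6587d99",
    "sha1": "58a14b08f6e11d1d3aa0ad35da9564ffed9bd022",
    "md5": "93d1210b3d3e990f7e928787e59c9e28",
}

ELF_TYPES = {2: "EXEC", 3: "DYN"}  # ET_DYN is what MIME application/x-sharedlib reports
ELF_MACHINES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64"}


def hash_mismatches(data: bytes) -> list:
    """Names of digests that differ from the entry; an empty list means the bytes match."""
    return sorted(n for n, v in EXPECTED.items() if hashlib.new(n, data).hexdigest() != v)


def parse_elf32_header(data: bytes) -> dict:
    """Decode e_ident, e_type and e_machine from the 52-byte ELF32 header."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 1:  # EI_CLASS: 1 = ELFCLASS32, as the entry states
        raise ValueError("only ELF32 is handled here")
    little = data[5] == 1  # EI_DATA: 1 = little-endian
    e_type, e_machine = struct.unpack_from(("<" if little else ">") + "HH", data, 16)
    return {
        "class": "ELF32",
        "endian": "little" if little else "big",
        "type": ELF_TYPES.get(e_type, hex(e_type)),
        "machine": ELF_MACHINES.get(e_machine, hex(e_machine)),
    }


def looks_upx_packed(data: bytes) -> bool:
    """UPX writes a 'UPX!' marker; it can be scrubbed, so False proves nothing."""
    return b"UPX!" in data


def triage(data: bytes) -> dict:
    """Combine the three checks into one report."""
    return {
        "hash_mismatches": hash_mismatches(data),
        "header": parse_elf32_header(data),
        "upx_marker": looks_upx_packed(data),
    }


# Constructed stand-in: a bare ELF32 little-endian ET_DYN/x86 header followed by
# a UPX marker. It is NOT the real sample, so every digest mismatches on purpose.
CONSTRUCTED_SAMPLE = (
    b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
    + struct.pack("<HHIIIIIHHHHHH", 3, 3, 1, 0, 52, 0, 0, 52, 32, 0, 40, 0, 0)
    + b"UPX!"
)

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    blob = open(path, "rb").read() if path else CONSTRUCTED_SAMPLE
    print(triage(blob))
```

Run it with the downloaded sample's path to confirm the digests before any further analysis. Note that ET_DYN only tells you the file is position-independent: a PIE executable and a shared object both report application/x-sharedlib, so the MIME type alone does not say whether the file is meant to be executed or loaded.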

Intelligence


File Origin
Number of uploads: 1
Number of downloads: 114
Origin country: DE
Vendor Threat Intelligence
No detections
Result
Verdict: Malware
Maliciousness:

Behaviour
Connection attempt
Kills processes
Sends data to a server
Receives data from a server
Runs as daemon
Substitutes an application name
Deleting of the original file
Verdict: Unknown
Threat level: 0/10
Confidence: 100%
Tags: gcc rust
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: x86
Packer: UPX
Botnet: unknown
Number of open files: 46
Number of processes launched: 1
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour
Information Gathering
Botnet C2s
TCP botnet C2(s): not identified
UDP botnet C2(s): not identified
Verdict: Malicious
File Type: elf.32.le
First seen: 2026-04-30T18:22:00Z UTC
Last seen: 2026-05-02T17:15:00Z UTC
Hits: ~10
Result
Threat name: n/a
Detection: malicious
Classification: spre.troj.evad
Score: 52 / 100
Signature
Connects to many ports of the same IP (likely port scanning)
Sample deletes itself
Sample tries to kill multiple processes (SIGKILL)
Behaviour
Behavior Graph (rendered graph; recoverable details below)
Behavior Graph ID: 1907056
Sample: NPD4.elf
Start date: 30/04/2026
Architecture: LINUX
Score: 52
Contacted hosts: 45.148.120.78 (ports 23459, 52702; SKB-ENTERPRISENL, Netherlands); 5.231.70.61 (ports 48274, 56238; ASGHOSTNETDE, Germany)
Processes: NPD4.elf re-executes itself several times; xfce4-panel wrapper-2.0 (twice) and 4 other processes also started
Signatures on graph: Connects to many ports of the same IP (likely port scanning); Sample tries to kill multiple processes (SIGKILL); Sample deletes itself
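The three signatures above (many ports on one IP, SIGKILL against several processes, self-deletion) are each a small rule over the syscall trace a sandbox records. The block below is an added example, not output or code from the entry or from any sandbox vendor: it implements such rules over a constructed trace in a hypothetical (pid, operation, details) form, using an RFC 5737 documentation address rather than traffic from the sample, and a made-up path /tmp/NPD4 for the executable. The thresholds are illustrative; a real sandbox's rules and cut-offs differ.

```python
"""Added example (not sandbox vendor code): heuristics of the kind that produce
the three signatures listed above, run over a constructed event trace."""
from collections import defaultdict

# Constructed trace in a hypothetical (pid, op, details) form. 192.0.2.0/24 is a
# documentation range; nothing here is recorded traffic from the sample.
TRACE = (
    [(100, "connect", {"ip": "192.0.2.10", "port": p}) for p in range(8000, 8012)]
    + [(100, "connect", {"ip": "192.0.2.20", "port": 23})]
    + [(100, "kill", {"target": t, "signal": 9}) for t in (201, 202, 203, 204)]
    + [(100, "kill", {"target": 205, "signal": 15})]   # SIGTERM, not counted
    + [(100, "unlink", {"path": "/tmp/NPD4"})]          # assumed launch path
)


def port_scan_targets(events, min_ports=10):
    """IPs that a single pid contacted on at least min_ports distinct ports."""
    ports = defaultdict(set)
    for pid, op, d in events:
        if op == "connect":
            ports[(pid, d["ip"])].add(d["port"])
    return sorted({ip for (_, ip), ps in ports.items() if len(ps) >= min_ports})


def sigkill_spree_pids(events, min_targets=3):
    """Pids that sent SIGKILL (9) to at least min_targets distinct processes."""
    targets = defaultdict(set)
    for pid, op, d in events:
        if op == "kill" and d["signal"] == 9:
            targets[pid].add(d["target"])
    return sorted(p for p, t in targets.items() if len(t) >= min_targets)


def deletes_self(events, pid, exe_path):
    """True if pid unlinked the path it was launched from."""
    return any(p == pid and op == "unlink" and d["path"] == exe_path
               for p, op, d in events)


def signatures(events, pid, exe_path):
    """Names of the signatures, worded as on the entry, that the trace triggers."""
    hits = []
    if port_scan_targets(events):
        hits.append("Connects to many ports of the same IP (likely port scanning)")
    if pid in sigkill_spree_pids(events):
        hits.append("Sample tries to kill multiple processes (SIGKILL)")
    if deletes_self(events, pid, exe_path):
        hits.append("Sample deletes itself")
    return hits


if __name__ == "__main__":
    for s in signatures(TRACE, 100, "/tmp/NPD4"):
        print(s)
```

The self-deletion rule is the one worth keeping strict: Gafgyt-style bots unlink their own binary right after launch, so a rule keyed on the launch path catches it, while a rule that fires on any unlink would also match ordinary temp-file cleanup. The SIGKILL count deliberately ignores SIGTERM, since killing competing bots with signal 9 is the behaviour the signature is meant to describe.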
Threat name: Linux.Backdoor.Generic
Status: Suspicious
First seen: 2026-04-30 20:38:41 UTC
File Type: ELF32 Little (SO)
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family: n/a
Score: 7/10
Tags: discovery linux
Behaviour
Reads runtime system information
Changes its process name
Enumerates running processes
Deletes itself
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample, such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Gafgyt
File type: elf
SHA256: 0723e82ec096c58bb36a9bcb8c3523d48d5b273232f79c8fdf573fb10d1bef24 (this sample)
