MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 31634c4474561da7783a19b9146ac8a2c851562bb06f2a37047114f81518c898. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 5



SHA256 hash: 31634c4474561da7783a19b9146ac8a2c851562bb06f2a37047114f81518c898
SHA3-384 hash: a85808cae7611215d5e41fa5206b671b6e829805e41ae991887a1b2270361304c060e8467797b9b156122f4fad1ed567
SHA1 hash: b2f78452fc6f6e7a7fff53cbe4eb8fff46f2d6c4
MD5 hash: 19bed1d804cf897f4865db7a98754857
humanhash: seven-winner-chicken-shade
File name: 1.sh
Signature: Gafgyt
File size: 2'712 bytes
First seen: 2025-07-19 12:54:38 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:U1dAdOP1deMdelX1dydY1dFdS1dYudYntr1deRde2S1dvcvdvMf1dvBdv11i1dvT:UrkOPre4elXr2YrbSrv2rre/e2SrvcVh
TLSH: T19851B7854DC380BAAC759F33F96986A4399DE0C7B8D0AD6654EC3CF5404EE046C5AE93
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE

Vendor Threat Intelligence
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-07-19 12:55:36 UTC
File Type: Text (Shell)
AV detection: 14 of 24 (58.33%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a

Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Gafgyt sh 31634c4474561da7783a19b9146ac8a2c851562bb06f2a37047114f81518c898 (this sample)

Delivery method: Distributed via web download
