MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 38d795d31c30127d0980a08e26d34dac8fa2cb61eb0de5b0217707f02cdb39e1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gafgyt


Vendor detections: 9


Intelligence 9 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 38d795d31c30127d0980a08e26d34dac8fa2cb61eb0de5b0217707f02cdb39e1
SHA3-384 hash: 5d45ef7009527a3975f894429c16bec9f4ec2297eb7d61b892ed81aed5e949db75c85d459054b4d66f9836ca768b9828
SHA1 hash: 6b6b3057148d7285d60bed305aeb77bd5513b636
MD5 hash: 88114dd513f96890241e784ac4b5df77
humanhash: vegan-princess-don-missouri
File name:redis-conteinerd-shim
Download: download sample
Signature Gafgyt
Create hunting rule
File size:130'092 bytes
First seen:2026-04-12 12:47:57 UTC
Last seen:2026-04-12 21:14:22 UTC
File type: elf
MIME type:application/x-executable
ssdeep 1536:129eLx3GENYxga9fXIUgtfIBUOMTcKVcTBRpWrpr7eYyA6nZ9bEUQFkuYAg33NL:1u1ZPgtgiOolUNK5h2UUQmRAkdL
TLSH T109D313C948809D0A5BB416327F7B002F58010D1DB3D86E5BF3B2D9A74659B01BFD9DB2
Magika elf
Reporter BlinkzSec
Tags:gafgyt

Intelligence

File Origin
# of uploads :
2
# of downloads :
81
Origin country :
GB GB
Vendor Threat Intelligence
Malware configuration found for:
Mirai
Details
Mirai
a patched binary
Link:
https://research.acce.ciphertechsolutions.com/results/3dd42ed5-58b2-456a-847e-d47d93af3330/
Result
Verdict:
Malware
Maliciousness:
Gathering data
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
custom
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/38d795d31c30127d0980a08e26d34dac8fa2cb61eb0de5b0217707f02cdb39e1
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Verdict:
Malicious
File Type:
elf.32.le
First seen:
2026-04-12T10:09:00Z UTC
Last seen:
2026-04-13T19:31:00Z UTC
Hits:
~10
Detections:
HEUR:Backdoor.Linux.Mirai.e
Link:
https://opentip.kaspersky.com/38d795d31c30127d0980a08e26d34dac8fa2cb61eb0de5b0217707f02cdb39e1/results?tab=lookup
Verdict:
Suspicious
Link:
https://analyze.intezer.com/analyses/3b5c53d9-9b68-4bfc-8c7e-9dcd769e852e
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/38d795d31c30127d0980a08e26d34dac8fa2cb61eb0de5b0217707f02cdb39e1
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/38d795d31c30127d0980a08e26d34dac8fa2cb61eb0de5b0217707f02cdb39e1/
Verdict:
Malicious
Threat:
Family.GAFGYT
Link:
https://tip.neiki.dev/file/38d795d31c30127d0980a08e26d34dac8fa2cb61eb0de5b0217707f02cdb39e1
Threat name:
Linux.Backdoor.Gafgyt
Create hunting rule
Status:
Malicious
First seen:
2026-04-11 13:39:18 UTC
File Type:
ELF32 Little (Exe)
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=hdlzluy4gajh2cmauchcnu2nvsh2fs3b5mg6lmbbo4d7alg3hhqq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/260412-p1vq8set9z/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/38d795d31c30127d0980a08e26d34dac8fa2cb61eb0de5b0217707f02cdb39e1

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:TH_Generic_MassHunt_Linux_Malware_2026_CYFARE
Create hunting rule
Author:CYFARE
Description:Generic Linux malware mass-hunt rule - 2026
Reference:https://cyfare.net/
Rule name:upx_antiunpack_elf32
Create hunting rule
Author:JPCERT/CC Incident Response Group
Description:UPX Anti-Unpacking technique to magic renamed for ELF32

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

elf 38d795d31c30127d0980a08e26d34dac8fa2cb61eb0de5b0217707f02cdb39e1

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3816965/
  
Delivery method
Distributed via web download

Comments