MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 3d6f84963eeae5f01068d8fa7d5370aeaab3fffa5b1d23f15ad6f329fdf44c7b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments

SHA256 hash:	3d6f84963eeae5f01068d8fa7d5370aeaab3fffa5b1d23f15ad6f329fdf44c7b
SHA3-384 hash:	748fdf3e3de699df508d9b9d17e817e126194318c1791dd7f63ab0fc37ab7e58ebc646c1eb58f77fc0bdc3a468bedb19
SHA1 hash:	5f3a30ec312dc78a37d1531c2e5be9def82be100
MD5 hash:	48d3ddba68a021225a90eb074977980e
humanhash:	maine-oxygen-mexico-item
File name:	arm-20240414-1250
Download:	download sample
Signature	Gafgyt Create hunting rule
File size:	1'224 bytes
First seen:	2024-04-14 12:50:05 UTC
Last seen:	2024-04-14 13:25:34 UTC
File type:	elf
MIME type:	application/x-executable
ssdeep	24:o8FpVVP9qD0at6esf6OolFSw0/cvMnqFZUqIkOl+9grNb4Gy:o8HFqDPttshwFSwRnIkKlrNDy
TLSH	T16021EBA65BD21C27CCA00737DC9A4710A322EF84A4DDFA13E72212210D2F3591F2A685
telfhash	t1e4900291a64f99d162501a1dc0482101cdb0d05701513d9005d54c401c816007021161
TrID	50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Reporter	elfdigest
Tags:	gafgyt

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

Vendor Threat Intelligence

Result

Verdict:

Malware

Maliciousness:

Verdict:

Unknown

Threat level:

0/10

Confidence:

100%

Tags:

anti-debug

Link:

https://www.filescan.io/uploads/661bd1364237b7a997bd4f1e/reports/64308560-bb87-4006-89b6-314c3d721863/overview

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

not packed

Botnet:

103.237.86.195

Number of open files:

Number of processes launched:

Processes remaning?

false

Remote TCP ports scanned:

not identified

Full report:

https://elfdigest.com/brief/3d6f84963eeae5f01068d8fa7d5370aeaab3fffa5b1d23f15ad6f329fdf44c7b

Behaviour

no suspicious findings

Botnet C2s

TCP botnet C2(s):

not identified

UDP botnet C2(s):

not identified

Result

Verdict:

MALICIOUS

Malware family:

Gafgyt

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b3cd19d1-2170-49f7-8482-6932e86e84c2

Result

Threat name:

n/a

Detection:

malicious

Classification:

n/a

Score:

48 / 100

Link:

https://www.joesandbox.com/analysis/1425748

Signature

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/3d6f84963eeae5f01068d8fa7d5370aeaab3fffa5b1d23f15ad6f329fdf44c7b

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/3d6f84963eeae5f01068d8fa7d5370aeaab3fffa5b1d23f15ad6f329fdf44c7b/

Threat name:

Linux.Trojan.Multiverze

Status:

Malicious

First seen:

2024-04-14 12:51:04 UTC

File Type:

ELF32 Little (Exe)

AV detection:

15 of 23 (65.22%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=hvxyjfr65ls7aedi3d5h2u3qv2vlh772lmosh4k223zst7pujr5q._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/240414-p3gmdsgg22/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/3d6f84963eeae5f01068d8fa7d5370aeaab3fffa5b1d23f15ad6f329fdf44c7b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

elf 3d6f84963eeae5f01068d8fa7d5370aeaab3fffa5b1d23f15ad6f329fdf44c7b

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/2789103/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample