MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 460b71258fb182ed9bf11b46c715bface5936b93cf8a363e16fa984ccb27f6ce. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 9



SHA256 hash: 460b71258fb182ed9bf11b46c715bface5936b93cf8a363e16fa984ccb27f6ce
SHA3-384 hash: 68808e5c35a00f331265f241510db7a89ec7da568debc8d2c194d3ac17bb200ab9800cd9085b07013ef7ee3664287b08
SHA1 hash: e91ca9fbde3375d4e3cd714a7f3d23d27b1c18e3
MD5 hash: 3f3426639e9abb42a1a527fe6ef1f766
humanhash: fix-winner-seventeen-vermont
File name: Sakura.sh
Signature Gafgyt
File size: 2'204 bytes
First seen: 2026-02-26 17:40:37 UTC
Last seen: Never
File type: sh
MIME type: text/x-shellscript
ssdeep 24:DKchD8tKF+DPBIkNIwIk0kshAIzoUgIVBoG1mAgKtBW1VJ8VI1tcxGP:DKID8tKIDPBIkNI5ZlzFLB4VJFz
TLSH T1A24160CE01650BFB2E83C832B3B486C0F499A1C194D45F17A6D97CA1A5BFCDC7845B92
TrID 70.0% (.SH) Linux/UNIX shell script (7000/1)
30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika shell
Reporter abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 69
Origin country: DE
Vendor Threat Intelligence
No detections
Verdict: Malicious
File Type: unix shell
Detections: HEUR:Trojan-Downloader.Shell.Agent.p, HEUR:Trojan-Downloader.Shell.Agent.a
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2026-02-26 17:41:29 UTC
File Type: Text (Shell)
AV detection: 17 of 36 (47.22%)
Threat level: 3/5
Result
Malware family:
Score: 10/10
Tags: family:gafgyt botnet defense_evasion discovery linux
Behaviour
Writes file to tmp directory
Reads system network configuration
Reads system routing table
File and Directory Permissions Modification
Executes dropped EXE
Detected Gafgyt variant
Gafgyt family
Gafgyt/Bashlite
Malware Config
C2 Extraction: 212.104.141.101:606
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh 460b71258fb182ed9bf11b46c715bface5936b93cf8a363e16fa984ccb27f6ce

(this sample)

  
Delivery method: Distributed via web download
