MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4d5d0d74a232b8ce3417432fa141cc81dba885b6abc712caca4efe136978a8be. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gafgyt


Vendor detections: 4


Intelligence 4 IOCs YARA 2 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 4d5d0d74a232b8ce3417432fa141cc81dba885b6abc712caca4efe136978a8be
SHA3-384 hash: a3fca34aee72fef3f60da87ecbbd18e0bd1eded374e279d2f01482cf607dfee16b8ac2f3562fd27fae792358da9e00b1
SHA1 hash: af05e4ad2b8bd74f1380a4ce89327ac644dab7c6
MD5 hash: 1b7f7f5003b11938120666307d38f0e7
humanhash: mobile-twelve-white-jupiter
File name:1b7f7f5003b11938120666307d38f0e7
Download: download sample
Signature Gafgyt
Create hunting rule
File size:90'723 bytes
First seen:2021-09-13 10:17:30 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 1536:5cEN6Ts8ZsmkGgGuQm+SE4lyI9afAhWydYg4FkSTmQ9VqXjewf2Le:OU6Tvs2gbTc3fAhWydYBSmmQ9VqXywfx
TLSH T1B7930793B801EFB7F40ED77644D34B247630BBA24A532636721739A6AE322C43826F45
telfhash t15411cc5271fa895d2bf649249cbc43b4265026237392beb5bf0dc6d05937002b979e8f
Reporter zbetcheckin
Tags:32 elf gafgyt motorola

Intelligence

File Origin
# of uploads :
1
# of downloads :
98
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Siggen.2205.UNOFFICIAL
Create hunting rule

Unix.Dropper.Mirai-7139232-0
Create hunting rule

Unix.Trojan.Gafgyt-7643791-0
Create hunting rule

Unix.Trojan.Gafgyt-7782058-0
Create hunting rule

Unix.Trojan.Gafgyt-7785026-0
Create hunting rule

Verdict:
Unknown
Threat level:
  0/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/61750026db358dd15ed91904/reports/69a2df51-eb76-422b-b494-42f7d496f49e/overview
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/b2221551-870e-49dd-a843-351ea8fdd6a6
Result
Threat name:
Unknown
Detection:
malicious
Classification:
spre
Score:
56 / 100
Link:
https://www.joesandbox.com/analysis/849674
Signature
Contains symbols with names commonly found in malware
Multi AV Scanner detection for submitted file
Opens /proc/net/* files useful for finding connected devices and routers
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/4d5d0d74a232b8ce3417432fa141cc81dba885b6abc712caca4efe136978a8be/
Threat name:
Linux.Trojan.Gafgyt
Create hunting rule
Status:
Malicious
First seen:
2021-09-13 10:18:19 UTC
AV detection:
17 of 28 (60.71%)
Threat level:
  5/5
Result
Malware family:
gafgyt
Create hunting rule
Score:
  10/10
Tags:
family:gafgyt linux
Link:
https://tria.ge/reports/210913-mbzmsagedn/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.20
Link:
https://yomi.yoroi.company/submissions/4d5d0d74a232b8ce3417432fa141cc81dba885b6abc712caca4efe136978a8be

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:linux_generic_ipv6_catcher
Create hunting rule
Author:@_lubiedo
Description:ELF samples using IPv6 addresses
Rule name:unixredflags3
Create hunting rule
Author:Tim Brown @timb_machine
Description:Hunts for UNIX red flags

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

elf 4d5d0d74a232b8ce3417432fa141cc81dba885b6abc712caca4efe136978a8be

(this sample)

  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/1615699/

Comments


Avatar
zbet commented on 2021-09-13 10:17:31 UTC

url : hxxp://46.243.187.18/i-5.8-6.SNOOPY