MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 595aef3562d7599de9ff889b7793282596f8d7c4c3d5632e9c9021561b438962. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 5



SHA256 hash: 595aef3562d7599de9ff889b7793282596f8d7c4c3d5632e9c9021561b438962
SHA3-384 hash: 7b1d077ea7a01dbe4186e5b3efbbd9e6b56582c2494226e8bb5c03b4e3c2197afcb84f59f117be63113f321440e0f176
SHA1 hash: 58e929a55fb65c3c420bc9a7dda7f6ababfcd504
MD5 hash: 601fbdd309c0a288ec990607d4cb769f
humanhash: oscar-vermont-chicken-six
File name: fx
Signature: Gafgyt
File size: 181 bytes
First seen: 2024-12-25 11:16:06 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:L6F0FSXRDxnmGBzSEyLTUWZgPwGc6FGtFSCAjRDxnA3GN3zSICLKiZszvn:L6F0oXRD7IMzc6FG3GjRDga0LKiZ4n
TLSH: T171C012D6799635C38028FD456577DE5E20A3C2992943EB585E9A203CD85855470509C9
Magika: shell
Reporter: abuse_ch
Tags: sh
| URL | Malware sample (SHA256 hash) | Signature | Tags |
| --- | --- | --- | --- |
| http://zushiapi.online/mips | 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74 | Gafgyt | elf gafgyt mirai |
| http://zushiapi.online/arm7 | d2ea0eed1f82458ed76a956ca3fd1f72d1c1e29b40a6118d1e5f1e6d78418077 | Mirai | elf mirai |

Intelligence


File Origin
# of uploads: 1
# of downloads: 90
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug evasive
Result
Verdict: UNKNOWN
Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2024-12-25 11:22:13 UTC
File Type: Text (Shell)
AV detection: 5 of 23 (21.74%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh 595aef3562d7599de9ff889b7793282596f8d7c4c3d5632e9c9021561b438962 (this sample)

Delivery method: Distributed via web download
