MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d5ee4bf2e2bba27e6af5a5f45846a7175c61f094e6e61a920f042f40889e387. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 4



SHA256 hash: 5d5ee4bf2e2bba27e6af5a5f45846a7175c61f094e6e61a920f042f40889e387
SHA3-384 hash: 508b15dac6acfe96a8cae3bd4b6321110c96030412e50b30c64636ffc0f60a4c3f7d4a39d5badfb1f1e48731d04a780a
SHA1 hash: e422c95289c707e24a9c4adc34aff1d536e8de9a
MD5 hash: 2e3f525550b853a6deabdc7f0b8cc6b3
humanhash: saturn-music-fourteen-march
File name: gig.sh
Signature: Gafgyt
File size: 220 bytes
First seen: 2025-01-21 02:06:53 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:L2UiMwWcqR6WgrVFGBzSEyLTUWlM4oq8Ui9WFKV2UiMwWcqR6Wgr88BzSE8eU4YA:LFwBWgreIuZq7FgFwBWgrfJYsZqC
TLSH: T143D0C7C90893360055499CD73576833E5586C7CC515F0FDE5DC80525AE4C755F490B11
Magika: shell
Reporter: abuse_ch
Tags: gafgyt sh

URL: http://193.143.1.54/mips
Malware sample (SHA256 hash): 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74
Signature: Gafgyt
Tags: 501 censys elf gafgyt mirai ua-wget

URL: http://193.143.1.54/mpsl
Malware sample (SHA256 hash): 18c99e6db38118a4d50a0bca8dd475f700d3ff172a73fb6a48bdd599d4abae95
Signature: Gafgyt
Tags: 501 censys elf gafgyt mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 97
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox

Result
Verdict: UNKNOWN
Threat name: Script-Shell.Browser.Tsunami
Status: Malicious
First seen: 2025-01-21 05:13:23 UTC
AV detection: 6 of 38 (15.79%)
Threat level: 4/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh 5d5ee4bf2e2bba27e6af5a5f45846a7175c61f094e6e61a920f042f40889e387

(this sample)
