MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d5ee4bf2e2bba27e6af5a5f45846a7175c61f094e6e61a920f042f40889e387. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gafgyt


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 5d5ee4bf2e2bba27e6af5a5f45846a7175c61f094e6e61a920f042f40889e387
SHA3-384 hash: 508b15dac6acfe96a8cae3bd4b6321110c96030412e50b30c64636ffc0f60a4c3f7d4a39d5badfb1f1e48731d04a780a
SHA1 hash: e422c95289c707e24a9c4adc34aff1d536e8de9a
MD5 hash: 2e3f525550b853a6deabdc7f0b8cc6b3
humanhash: saturn-music-fourteen-march
File name:gig.sh
Download: download sample
Signature Gafgyt
Create hunting rule
File size:220 bytes
First seen:2025-01-21 02:06:53 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 3:L2UiMwWcqR6WgrVFGBzSEyLTUWlM4oq8Ui9WFKV2UiMwWcqR6Wgr88BzSE8eU4YA:LFwBWgreIuZq7FgFwBWgrfJYsZqC
TLSH T143D0C7C90893360055499CD73576833E5586C7CC515F0FDE5DC80525AE4C755F490B11
Magika shell
Reporter abuse_ch
Tags:gafgyt sh
URLMalware sample (SHA256 hash)SignatureTags
http://193.143.1.54/mips4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74 Gafgyt501 censys elf gafgyt mirai ua-wget
http://193.143.1.54/mpsl18c99e6db38118a4d50a0bca8dd475f700d3ff172a73fb6a48bdd599d4abae95 Gafgyt501 censys elf gafgyt mirai ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
97
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=678f022fb5602ee8cdae1585linux22vpnfull_triage
Tags:
n/a
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
busybox
Link:
https://www.filescan.io/uploads/678f014c14046438dc0617d0/reports/c60ff284-754e-4f13-8bde-288bc47682be/overview
Result
Verdict:
UNKNOWN
Score:
1%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/5d5ee4bf2e2bba27e6af5a5f45846a7175c61f094e6e61a920f042f40889e387
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/5d5ee4bf2e2bba27e6af5a5f45846a7175c61f094e6e61a920f042f40889e387/
Threat name:
Script-Shell.Browser.Tsunami
Create hunting rule
Status:
Malicious
First seen:
2025-01-21 05:13:23 UTC
AV detection:
6 of 38 (15.79%)
Threat level:
  4/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=lvpojpzofo5cpzvpljpulbdkof24mhyjjzxgdkja6bbpicej4odq._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/250121-cjzbwa1jhq/
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/5d5ee4bf2e2bba27e6af5a5f45846a7175c61f094e6e61a920f042f40889e387

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh 5d5ee4bf2e2bba27e6af5a5f45846a7175c61f094e6e61a920f042f40889e387

(this sample)

Gafgyt

elf 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74

  
URLhaus
https://urlhaus.abuse.ch/url/3407868/
  
Delivery method
Distributed via web download
  
URLhaus
https://urlhaus.abuse.ch/url/3407697/
  
URLhaus
https://urlhaus.abuse.ch/url/3407950/
  
URLhaus
https://urlhaus.abuse.ch/url/3408114/
  
Dropping
MD5 ebaf6768ac8705e48d2403468bf8df74
  
Dropping
SHA256 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74

Comments