MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 5d9ba03f648a66be560a8b61a4c2f994085b4b6315609096a28f744dd4a4dc71. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt

Vendor detections: 5

SHA256 hash: 5d9ba03f648a66be560a8b61a4c2f994085b4b6315609096a28f744dd4a4dc71
SHA3-384 hash: 26785dafb29427278f239e41d3d48b5c21a0cd1e7c39b60008b3abeb629773abe881b0f77dd59990df0a26d5881808e1
SHA1 hash: 9a9894305eeb8a8ac1350d1dce0815e37e69358b
MD5 hash: 304f5b19f3d8a664d851f93d609d69a6
humanhash: kansas-rugby-arizona-sixteen
File name: 304f5b19f3d8a664d851f93d609d69a6
Signature: Gafgyt
File size: 37'288 bytes
First seen: 2021-12-22 05:39:48 UTC
Last seen: Never
File type: elf
MIME type: application/x-executable
ssdeep: 768:o0d0BLh1XyVRV3bif/Io1fcUMMxfWQRI8bL/EgJgGlzDpxYsG:oeYh1CVHLmfT5vv8gVrYh
TLSH: T179F2D07C15022BD8DBB180FBAF961F60157E2E32E52AAC0BB591D5934E531F4B4D23E4
Reporter: zbetcheckin
Tags: 32 elf gafgyt mips

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 109
Origin country: n/a

Vendor Threat Intelligence

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 67%
Tags: anti-debug gafgyt

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: mips
Packer: custom
Botnet: unknown
Number of open files: 2
Number of processes launched: 3
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour: no suspicious findings
Botnet C2s
TCP botnet C2(s): 209.141.42.170:13369
UDP botnet C2(s): not identified

Result
Verdict: UNKNOWN

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file

Threat name: Linux.Trojan.Gafgyt
Status: Malicious
First seen: 2021-12-22 05:40:11 UTC
File Type: ELF32 Big (Exe)
AV detection: 16 of 28 (57.14%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for VirusTotal.
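The entry gives four digests for the file and, independently, describes the binary as a 32-bit MIPS ELF executable (tags "32", "elf", "mips"; vendor result "ELF32 Big (Exe)"; Architecture "mips"). Before spending analysis time on a downloaded copy it is worth confirming both: that the bytes on disk really are this sample and that the ELF header agrees with the listing. The Python below is an added example, not code from MalwareBazaar or from any of the vendors quoted above. It recomputes the listed digests with hashlib (the sha3_384 name needs Python 3.6 or later) and decodes e_ident, e_type and e_machine from the ELF header, honouring EI_DATA so a big-endian MIPS header is read with the right byte order. The build_elf32_header() helper produces a constructed, synthetic header for offline testing; it is not the real sample's bytes, and LISTED_ELF is my transcription of the listing, not a field the site exposes.

```python
"""Check a downloaded sample against the digests and ELF type listed on the entry."""
import hashlib
import struct
import sys

# Digests copied from the MalwareBazaar entry above (keys are hashlib algorithm names).
LISTED_HASHES = {
    "md5": "304f5b19f3d8a664d851f93d609d69a6",
    "sha1": "9a9894305eeb8a8ac1350d1dce0815e37e69358b",
    "sha256": "5d9ba03f648a66be560a8b61a4c2f994085b4b6315609096a28f744dd4a4dc71",
    "sha3_384": "26785dafb29427278f239e41d3d48b5c21a0cd1e7c39b60008b3abeb629773abe881b0f77dd59990df0a26d5881808e1",
}

# My transcription of what the listing says about the binary (assumption, not a site field).
LISTED_ELF = {"class": "ELF32", "endianness": "big", "type": "EXEC", "machine": "MIPS"}

ELF_MAGIC = b"\x7fELF"
EI_CLASS = {1: "ELF32", 2: "ELF64"}
EI_DATA = {1: "little", 2: "big"}
E_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
E_MACHINE = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def compute_hashes(data, names=tuple(LISTED_HASHES)):
    """Hex digests of data for each named hashlib algorithm."""
    return {name: hashlib.new(name, data).hexdigest() for name in names}


def verify_hashes(data, listed=LISTED_HASHES):
    """Map each listed algorithm to True if the recomputed digest matches."""
    actual = compute_hashes(data, tuple(listed))
    return {name: actual[name] == digest.lower() for name, digest in listed.items()}


def parse_elf_header(data):
    """Decode e_ident, e_type and e_machine from the first 20 bytes of an ELF file.

    The byte order for e_type/e_machine is taken from EI_DATA, so a big-endian
    MIPS header is decoded correctly rather than misread as little-endian."""
    if len(data) < 20 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file (bad magic or truncated header)")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in EI_CLASS or ei_data not in EI_DATA:
        raise ValueError(f"unsupported EI_CLASS={ei_class} EI_DATA={ei_data}")
    order = ">" if ei_data == 2 else "<"
    e_type, e_machine = struct.unpack(order + "HH", data[16:20])
    return {
        "class": EI_CLASS[ei_class],
        "endianness": EI_DATA[ei_data],
        "type": E_TYPE.get(e_type, f"unknown({e_type})"),
        "machine": E_MACHINE.get(e_machine, f"unknown({e_machine})"),
    }


def matches_listing(data, listed=LISTED_ELF):
    """True if the parsed header agrees with every field the listing states."""
    header = parse_elf_header(data)
    return all(header[key] == value for key, value in listed.items())


def build_elf32_header(endianness="big", e_machine=8, e_type=2):
    """Constructed 52-byte ELF32 header for offline testing; NOT the real sample."""
    ei_data = 2 if endianness == "big" else 1
    order = ">" if ei_data == 2 else "<"
    # EI_MAG, EI_CLASS=1 (ELF32), EI_DATA, EI_VERSION=1, EI_OSABI=0, 8 bytes ABI version/pad
    e_ident = ELF_MAGIC + bytes([1, ei_data, 1, 0]) + b"\x00" * 8
    # e_type, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    rest = struct.pack(order + "HHIIIIIHHHHHH",
                       e_type, e_machine, 1, 0x400000, 52, 0, 0, 52, 32, 1, 40, 0, 0)
    return e_ident + rest


if __name__ == "__main__":
    # Usage: python check_sample.py <path to the extracted sample>
    blob = open(sys.argv[1], "rb").read()
    for name, ok in verify_hashes(blob).items():
        print(f"{name:9s} {'match' if ok else 'MISMATCH'}")
    verdict = "matches listing" if matches_listing(blob) else "DOES NOT match listing"
    print("ELF header:", parse_elf_header(blob), verdict)
```

A digest mismatch means the file on disk is not the object this page describes (wrong file extracted, or a re-packed copy), and a header that decodes as little-endian or as a non-MIPS machine means the "mips" tag should not be trusted for choosing an emulator or disassembler target.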

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download (distributed via web download)
Signature: Gafgyt
File: elf 5d9ba03f648a66be560a8b61a4c2f994085b4b6315609096a28f744dd4a4dc71 (this sample)

Comments



zbet commented on 2021-12-22 05:39:50 UTC

url : hxxp://209.141.42.170/SBIDIOT/mips