MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60b54a5b9b5904072dedee9a283e7f27e473d54703253bd9eb7b1c0dc938093d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 6



SHA256 hash: 60b54a5b9b5904072dedee9a283e7f27e473d54703253bd9eb7b1c0dc938093d
SHA3-384 hash: 51e8f991168dfec15970b1b4589bb53a6996462e75c76f54c33929c5a5145fc754dc3892cc503053567e80310aecb8fd
SHA1 hash: b16837982c644c5c58f57e25d92754d7d48e6d42
MD5 hash: b59eac65a6d940f5f2987a9e7f36a640
humanhash: angel-wyoming-september-fillet
File name: toto
Signature: Gafgyt
File size: 347 bytes
First seen: 2025-08-21 01:40:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:5DBlCIVmRVc5Fl6mPalLLIPly/gaOlV8iAKu:5jChq5z6W+vIdyoa6V+Ku
TLSH: T153E0BFDD51D3E0FEC9694D44F261A626D505F5C02170AFCDAB4964B2CCD9642712CF47
Magika: shell
Reporter: abuse_ch
Tags: sh
| URL | Malware sample (SHA256 hash) | Signature | Tags |
|---|---|---|---|
| http://103.176.20.59/lbmips | 954081b4df73aaaaccab3e98975486587f12f10ffed89d055791c5bcbf60f8d7 | Gafgyt | elf gafgyt ua-wget |
| http://103.176.20.59/lmpsl | n/a | n/a | censys elf gafgyt mirai ua-wget |
| http://103.176.20.59/larm4 | 3b9fb643ee107c4fdc321425bf8801dae55aa9e5c392b6062e463ec8dde0cb9d | Mirai | censys elf mirai ua-wget |
| http://103.176.20.59/larm5 | 6490586ab557e772c4ddb5d0bdc469118f5af4997831d32273b2a219ef871791 | Mirai | censys elf mirai ua-wget |
| http://103.176.20.59/larm7 | 7f9023fdbd0951650d408f62a2eb70dbaadd424d725957ee3d3a7780aa25c853 | Mirai | censys elf mirai ua-wget |

Intelligence


File Origin
# of uploads: 1
# of downloads: 33
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2025-08-21 02:12:40 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh 60b54a5b9b5904072dedee9a283e7f27e473d54703253bd9eb7b1c0dc938093d

(this sample)

  
Delivery method: Distributed via web download
