MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7438b709116b26b6f2640fbf2cd530d0c27fdfdede62af6ad83141029f84df59. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt

Vendor detections: 9

Intelligence 9 IOCs YARA File information Comments 1

SHA256 hash:	7438b709116b26b6f2640fbf2cd530d0c27fdfdede62af6ad83141029f84df59
SHA3-384 hash:	ddc039f4c14560b34b3bf31e81a324f544c6591ce19c475e95bcc399834864f35474b010f26bae5ab68b8d747088c363
SHA1 hash:	48ccb0c146a703839d0c62ea91cce3b266c6f516
MD5 hash:	ffa6f19caa2a312d59d625747afef33f
humanhash:	blue-enemy-sierra-earth
File name:	ffa6f19caa2a312d59d625747afef33f
Download:	download sample
Signature	Gafgyt Create hunting rule
File size:	125'444 bytes
First seen:	2023-12-24 07:43:34 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:3ImSKIw4af2iBqV9qg+ZEktoQpYMlIYhY0dogZ4cVIoR4EXtznAZBLev6b30lM5U:Y3zvqptEG00l8d74YbSNwbZn2OPS
TLSH	T133C33A25BA361D17C0C4A5B722F70731B2F343C926A8C65D7EB20D5EEF642406297AF9
Reporter	zbetcheckin
Tags:	32 elf gafgyt mirai sparc

Intelligence

File Origin

# of uploads :

1

# of downloads :

115

Origin country :

FR

Vendor Threat Intelligence

Detection(s):

Sanesecurity.Malware.28880.LC.UNOFFICIAL

Sanesecurity.Malware.29325.LC.Pl.UNOFFICIAL

SecuriteInfo.com.Linux.Mirai-81.UNOFFICIAL

Sanesecurity.Malware.28886.LC.UNOFFICIAL

Sanesecurity.Malware.29524.LC.UNOFFICIAL

Sanesecurity.Malware.28878.LC.UNOFFICIAL

Sanesecurity.Malware.28877.LC.UNOFFICIAL

Unix.Trojan.Mirai-7100807-0

Unix.Dropper.Mirai-7135868-0

Unix.Dropper.Mirai-7135891-0

Unix.Dropper.Mirai-7135892-0

Unix.Dropper.Mirai-7136013-0

Unix.Dropper.Mirai-7136034-0

Unix.Dropper.Mirai-7136057-0

Unix.Dropper.Mirai-7540663-0

Unix.Trojan.Mirai-8025795-0

Unix.Trojan.Mirai-9441505-0

Unix.Trojan.Mirai-9858729-0

Unix.Trojan.Mirai-9945193-0

Unix.Trojan.Mirai-9946826-0

Unix.Dropper.Mirai-9977145-0

Unix.Dropper.Mirai-10008433-0

Unix.Trojan.Mirai-10011027-0

Unix.Trojan.Mirai-10011918-0

Unix.Packed.Botnet-6566031-0

Unix.Dropper.Botnet-6566040-0

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug botnet lolbin mirai mirai obfuscated remote

Link:

https://www.filescan.io/uploads/6587e145b855eb3693f1e629/reports/0e37ec89-d683-4899-a834-84ead053eff0/overview

Result

Verdict:

MALICIOUS

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/b3530c1f-0bf2-4584-945e-fb6733102073

Score:

100%

Verdict:

Malware

File Type:

ELF

Link:

https://malprob.io/report/7438b709116b26b6f2640fbf2cd530d0c27fdfdede62af6ad83141029f84df59

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/7438b709116b26b6f2640fbf2cd530d0c27fdfdede62af6ad83141029f84df59/

Threat name:

Linux.Trojan.Mirai

Status:

Malicious

First seen:

2023-12-24 03:25:40 UTC

File Type:

ELF32 Big (Exe)

AV detection:

19 of 37 (51.35%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=oq4locirnmtln4teb67szvjq2dbh7x663zrk62wygfaqfh4e35mq._file

Result

Malware family:

mirai

Score:

10/10

Tags:

family:mirai botnet:mirai linux

Link:

https://tria.ge/reports/231224-jktlcabaan/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.00

Link:

https://yomi.yoroi.company/submissions/7438b709116b26b6f2640fbf2cd530d0c27fdfdede62af6ad83141029f84df59

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 7438b709116b26b6f2640fbf2cd530d0c27fdfdede62af6ad83141029f84df59

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/2744136/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

zbet commented on 2023-12-24 07:43:34 UTC

url : hxxp://37.44.238.75/mont/.nekoisdaddy.spc