MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 783d66b2db97d707b4b0eda1c05495382c375a0955f4913aaefb33b66000112e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Gafgyt
Vendor detections: 7



SHA256 hash: 783d66b2db97d707b4b0eda1c05495382c375a0955f4913aaefb33b66000112e
SHA3-384 hash: 9dad696cdcd6afea1ce0f55462518a460d7442a812e8e177f951f65f20ed8a41c96b5e000fab947e1feab8c58e93b6aa
SHA1 hash: 73cf0ae7cb1cbc6ebfce08474565b985d58ec8a6
MD5 hash: b771d3f4374d14b4c5eea6a7cdb1d19e
humanhash: august-kilo-fanta-mobile
File name: all.sh
Signature: Gafgyt
File size: 467 bytes
First seen: 2025-02-23 10:51:58 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:oJj8mAd0mgJjIxbKKoJjxNNImzvSkkgJjX6RAHJj8pqf0v:o1tAd0D1IbKB1bNImlkg1K+H1cl
TLSH: T1D1F01CED861144A7914DAFC6E07DECA4F19ED1A862ABDF093CB348669578C24A054AC2
Magika: shell
Reporter: abuse_ch
Tags: sh
Related URLs (IOCs)

URL | Malware sample (SHA256 hash) | Signature | Tags
http://194.85.251.73/iloveviki/viki.amd64 | a02aecdc1a9b876151897db29703bab59af0351b8c0fd75e3ee162cb98b9c18c | Gafgyt | censys elf gafgyt opendir
http://194.85.251.73/iloveviki/viki.arm7 | n/a | n/a | censys elf opendir
http://194.85.251.73/iloveviki/viki.arm6 | n/a | n/a | censys elf opendir
http://194.85.251.73/iloveviki/viki.arm5 | n/a | n/a | censys elf opendir
http://194.85.251.73/iloveviki/viki.mips | n/a | n/a | censys elf opendir

Intelligence

File Origin
# of uploads: 1
# of downloads: 15
Origin country: US

Vendor Threat Intelligence

Verdict: Malicious
Score: 92.5%
Tags: downloader shellcode agent

Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%

Result
Verdict: MALICIOUS
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-02-23 10:53:13 UTC
File Type: Text (Shell)
AV detection: 4 of 38 (10.53%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- Enumerates physical storage devices
- System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method | Signature | Sample
Web download | Gafgyt | sh 783d66b2db97d707b4b0eda1c05495382c375a0955f4913aaefb33b66000112e (this sample)

Delivery method: Distributed via web download
