MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 7a74baf740cba7ec69f0cbb2cb700b2169585fd23f2d9b1a3f8281f3b19228f9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt
Vendor detections: 5



SHA256 hash: 7a74baf740cba7ec69f0cbb2cb700b2169585fd23f2d9b1a3f8281f3b19228f9
SHA3-384 hash: 2211ac1e10f20e367d36e414da85065be83461c835945523b2d39f57623d8b11aecea2c00900aae882e5631f619513de
SHA1 hash: 0ffc105055c1b3c45fa99a4778e64bdaea9843dd
MD5 hash: d52c61d4b5715aa0f042fa9319935dfc
humanhash: march-kilo-dakota-eleven
File name: zxc.sh
Signature: Gafgyt
File size: 484 bytes
First seen: 2025-07-09 05:05:40 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:QV7P7LNI7/5xzNI7XxNI737NI73SNITlNI73Wy36f4:MzSjrGkyGNIIy4
TLSH: T18FF05E85B762F6E2C4287E04B1618944D0CFB7C527AFCBBC9EC0A99289260007413F21
Magika: txt
Reporter: abuse_ch
Tags: sh

URLs referenced by this sample (URL | Malware sample SHA256 hash | Signature | Tags):

http://158.51.126.131/mips | n/a | n/a | elf gafgyt mirai ua-wget
http://158.51.126.131/mips64 | 5b4d5efe745d9849d92e20732a1118cfc762731323541ed01adf042482a4f040 | Mirai | elf mirai ua-wget
http://158.51.126.131/mipsel | 68b7a90ca3d6b4034d4428ee1483178d9a69171090087523ecd8d2314aa60603 | Mirai | elf gafgyt mirai ua-wget
http://158.51.126.131/armv5l | 506a3e39a46d0e6d13ba89dd5a6fe2aa81c5122db15742d4ce509a3c0738ff01 | Mirai | elf gafgyt mirai ua-wget
http://158.51.126.131/armv4l | 2171bb00f0826c172cdca83d441183c74084b65d8a78e10e1482c445f060205b | Mirai | elf gafgyt mirai ua-wget
http://158.51.126.131/armv7l | 69c12ce6f569adfaa217f1ebd365b727e3d2f882f22ef10169c8dc7ad3a05f4e | Mirai | elf gafgyt mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 28
Origin country: DE
Vendor Threat Intelligence
Status: terminated
Behavior Graph: [process graph rendered on the original page; recoverable content follows]
  /usr/bin/sudo (pid 2755) --execve--> /tmp/sample.bin (pid 2761)
  /tmp/sample.bin (pid 2761) then runs six identical cycles, each consisting of:
    --execve--> /usr/bin/wget (net, send-data, write-file) (pids 2763, 2872, 2993, 3104, 3205, 3254)
    --execve--> /usr/bin/chmod (pids 2867, 2984, 3099, 3199, 3250, 3355)
    --clone-->  /usr/bin/dash (pids 2868, 2986, 3101, 3201, 3253, 3357)
  Network endpoint 158.51.126.131:80: each wget process sends to it (pid 2763: 133 B; pids 2872, 2993, 3104, 3205, 3254: 135 B each)
Threat name: Win32.Downloader.Generic
Status: Suspicious
First seen: 2025-07-09 04:30:06 UTC
File Type: Text (Shell)
AV detection: 4 of 38 (10.53%)
Threat level: 3/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Gafgyt
sh 7a74baf740cba7ec69f0cbb2cb700b2169585fd23f2d9b1a3f8281f3b19228f9 (this sample)

Delivery method: Distributed via web download

Comments