MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 88a8c6c50a5497642295bd23e66c29e94dc90969ae29a3638b266cdca7505a22. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt

Vendor detections: 6

SHA256 hash: 88a8c6c50a5497642295bd23e66c29e94dc90969ae29a3638b266cdca7505a22
SHA3-384 hash: e5f143a3560d69fe8ff20438bbb13c44639ce389398f32d4825e3b7c915bccf0dcd021c5e3c1a57eee504d7d3a8c0d40
SHA1 hash: c70495cb57277693c8de8b44128c781c82a01dc8
MD5 hash: 04b11499c6833007c3ea483ef37783e4
humanhash: missouri-india-oklahoma-montana
File name: loudscreamer.sh
Signature: Gafgyt
File size: 2'327 bytes
First seen: 2025-11-20 06:33:44 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:1hBt8BThjqjhAschIthGfhoBhguUhK/hymUhg53hC/h49hl+5hg4:1hBt8BThWjhAschIthGfhoBhguUhK/hI
TLSH: T1F141EDC960A147709EF6AD227169540879BB928E44CAFE15FDDC38D9308DD0DB403BDB
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 40
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive medusa mirai

Verdict: Malicious
File Type: text
First seen: 2025-11-19T00:01:00Z UTC
Last seen: 2025-11-20T10:18:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph (process tree from the sandbox run): /usr/bin/sudo (pid 4718) starts /tmp/sample.bin (pid 4719) via execve. The sample then runs a repeating cycle, 14 times in total, of /usr/bin/wget (network send, file write), /usr/bin/chmod, /usr/bin/dash (clone) and /usr/bin/rm (file delete). Every wget process connects to 176.100.37.194:80 and sends between 142 and 144 bytes.
Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-11-19 14:39:15 UTC
File Type: Text (Shell)
AV detection: 23 of 37 (62.16%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures


MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. These rules are matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps those samples create. Please note that only results from TLP:CLEAR rules are displayed.

Rule name: ach_202412_suspect_bash_script
Author: abuse.ch
Description: Detects suspicious Linux bash scripts

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Gafgyt, sh, 88a8c6c50a5497642295bd23e66c29e94dc90969ae29a3638b266cdca7505a22 (this sample)

Delivery method: Distributed via web download

Comments