MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8bba5e64590d99831d4b6de979370287111c9da5068f93fb41bb632c9c4a4111. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt
Vendor detections: 7

SHA256 hash: 8bba5e64590d99831d4b6de979370287111c9da5068f93fb41bb632c9c4a4111
SHA3-384 hash: a5a5825b9f967d2834112e85e388d67c98e09789444291b6ffff72b9a81caabd390127048205f1981daeebe5ad7e1003
SHA1 hash: 223a688c3d0ed01dbc67d3f8b3d2b66984bbb184
MD5 hash: f87bb1b77b61eb73efb6e6f6b69085ac
humanhash: finch-bluebird-steak-diet
File name: gtop.sh
Signature: Gafgyt
File size: 2'705 bytes
First seen: 2025-05-16 16:29:53 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:lTiLTfLTLlTEhbIhDTnh3T8bCBETfchtNTrWJXdTXCsTiLTfLTLlTEhbTghDTnhc:FOZWWB0cPQaZWWB0cPMaZWWBgcPW
TLSH: T17A51F5FC41B0E262C5EADB5E7A65C0E6756CE0D3789D29DCA8AC4D35BC5AD00B44BF80
Magika: shell
Reporter: abuse_ch
Tags: sh
IOCs

URL                                  Malware sample (SHA256 hash)                                      Signature  Tags
http://176.65.148.190/jackmymipsel   6b7286b8df4715e9d7ede5a575edddd27092ef12c3a1a31b276299f0e6b168a0  Gafgyt     elf gafgyt ua-wget
http://176.65.148.190/jackmymips     2fabdf1072a814a8a47121894983ec9458a92191fdb41c7f0a2bfff31d01d855  Gafgyt     elf gafgyt ua-wget
http://176.65.148.190/jackmysh4      23ad9d63c8950df4fc4bded78921ff5ac03c7984181da4e2cb60c2011592c5dc  Gafgyt     elf gafgyt ua-wget
http://176.65.148.190/jackmyx86      0ec0ab508b87805359492729e9818cec8a14aec3119e00b148d9b9291f92fd5e  Gafgyt     elf gafgyt ua-wget
http://176.65.148.190/jackmyi686     8e3747539ca959ccd25a106893a8213d04b5736d690e85a977826eb8711946b9  Gafgyt     elf gafgyt ua-wget
http://176.65.148.190/jackmypowerpc  fd04590a28e500d70784c858e4d2d3a917ec7848f0af89d641ebb7868e7ddfc0  Gafgyt     elf gafgyt ua-wget
http://176.65.148.190/jackmyi586     9eca6c6d9d8864c1f5ade24697397dc1f6a3a334ee00a4e88a92756475a08f42  Gafgyt     elf gafgyt ua-wget
http://176.65.148.190/jackmym86k     n/a                                                               n/a        elf ua-wget
http://176.65.148.190/jackmysparc    n/a                                                               n/a        elf ua-wget
http://176.65.148.190/jackmyarmv6    838e9dcaedb21f5ec10801f3287d9a3823c63614f666ef795cc233c4c7848e3a  Gafgyt     elf gafgyt ua-wget
http:///jackmyarmv6                  n/a                                                               n/a        n/a
http:///jackmymipsel                 n/a                                                               n/a        n/a
http:///jackmymips                   n/a                                                               n/a        n/a
http:///jackmyx86                    n/a                                                               n/a        n/a
http:///jackmyi586                   n/a                                                               n/a        n/a

Intelligence

File Origin
# of uploads: 1
# of downloads: 71
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: botnet gafgyt lolbin remote

Threat name: Linux.Downloader.Medusa
Status: Malicious
First seen: 2025-05-16 16:32:17 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 3/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Gafgyt
  sh 8bba5e64590d99831d4b6de979370287111c9da5068f93fb41bb632c9c4a4111 (this sample)

Delivery method: Distributed via web download

Comments