MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8eaf1818a59d9576d5918e5171718fff1b35ae1741ad93ccf23bab56de334577. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gafgyt


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8eaf1818a59d9576d5918e5171718fff1b35ae1741ad93ccf23bab56de334577
SHA3-384 hash: 130ccc15a6352cc66d882a9e32dfdeb8fad0a1ddddaaa76cd4c5ba67158a0169ca146e73af804f6f1f2af5419d8eca96
SHA1 hash: d8d3e4da8b0bff766f5f894e9e2f0988a362ec46
MD5 hash: 0b1ad1b2274662b3f631a43ede6a48d5
humanhash: wyoming-venus-ceiling-venus
File name:arm
Download: download sample
Signature Gafgyt
Create hunting rule
File size:21'536 bytes
First seen:2025-01-02 21:36:30 UTC
Last seen:Never
File type: elf
MIME type:application/x-executable
ssdeep 384:Jd6MpjPN+yE+1MvpJT/VrTW4IyP5fvkxr/P5encnfPgdBMSxF+hPVUFx4e+QQ:Jd6MpjPoyE+ivpN91jP5U5P5encnXgH4
TLSH T131A23B997884DA5AC6C0417AFE9C924D37326768E1DE73470F267F122B8686A0F3F541
telfhash t1b3d0a7350f405cc8322b810a408de355721070d63a6a244d79f5de8e0a07d95843052a
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf gafgyt

Intelligence

File Origin
# of uploads :
1
# of downloads :
153
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.ELF.Mirai-ASW.13992.1756.UNOFFICIAL
Create hunting rule

Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=677706ff1ada707798256a0blinux22vpnfull_triage
Tags:
malware
Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/677706ff9569ccc37414daaf/reports/a99810df-cb45-4d50-82d1-ed8287e62199/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
0
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/8eaf1818a59d9576d5918e5171718fff1b35ae1741ad93ccf23bab56de334577
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Verdict:
UNKNOWN
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/ff58be17-feb9-4c08-9590-d149d5d1ffba
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1583512
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/8eaf1818a59d9576d5918e5171718fff1b35ae1741ad93ccf23bab56de334577
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8eaf1818a59d9576d5918e5171718fff1b35ae1741ad93ccf23bab56de334577/
Threat name:
Linux.Backdoor.Gafgyt
Create hunting rule
Status:
Malicious
First seen:
2025-01-02 21:37:04 UTC
File Type:
ELF32 Little (Exe)
AV detection:
10 of 23 (43.48%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=r2xrqgfftwkxnvmrrzixc4mp74ntllqxigwzhthshovvnxrtiv3q._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/250102-1gfzhswpgy/
Verdict:
Unknown
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/63ae5880-6f6b-4f92-90c8-9c98336c1196
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8eaf1818a59d9576d5918e5171718fff1b35ae1741ad93ccf23bab56de334577

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

elf 8eaf1818a59d9576d5918e5171718fff1b35ae1741ad93ccf23bab56de334577

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3376108/
  
Delivery method
Distributed via web download

Comments