MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9676aea60b4fbc50abaf49b824eca4fbb59b1ac12aa6e9501003a28eacdff910. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	9676aea60b4fbc50abaf49b824eca4fbb59b1ac12aa6e9501003a28eacdff910
SHA3-384 hash:	19364a4844c72ade9e70e4b8ca8d2c929a7b05436402ce187be5d1641a796001601f2081192fca4f3b254b91d9a12220
SHA1 hash:	1ead38c1dd775b787d4b4dbb003e63d4c0b949d6
MD5 hash:	5b60f21c4975138294704160e0a29e26
humanhash:	equal-illinois-saturn-orange
File name:	fx
Download:	download sample
Signature	Gafgyt Create hunting rule
File size:	1'320 bytes
First seen:	2024-12-29 02:01:18 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	24:XwZ6wnWwfKRjwT6soe3eSsoe3ePe3efyoe3ed5Qe3eWve3e/e3Y:XwZ6wWwfajwT6meSme0efy7ed5eWUeEY
TLSH	T12D21F6535A8C75F4B7CEA91AB6A38BDA58DDD09F3D430702E838C2EA7C805245A34F70
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://185.157.247.35/mpsl	18c99e6db38118a4d50a0bca8dd475f700d3ff172a73fb6a48bdd599d4abae95	Gafgyt	elf gafgyt mirai
http://185.157.247.35/mips	4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74	Gafgyt	32-bit elf gafgyt mirai
http://185.157.247.35/arm7	d2ea0eed1f82458ed76a956ca3fd1f72d1c1e29b40a6118d1e5f1e6d78418077	Mirai	elf mirai
http://185.157.247.35/arm	2f66b28645b910c0fcb7a751e9a0dad86fd2be825d07f45dd6ab086ec2eeafc0	Mirai	32-bit elf mirai

Intelligence

File Origin

# of uploads :

1

# of downloads :

103

Origin country :

DE

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Linux.DownLoader.37.22445.28137.UNOFFICIAL

Verdict:

Malicious

Score:

97.4%

Link:

https://cyber-fortress.com/docs/result/index.php?id=6771039f1bb06b8884793173linux22vpnfull_triage

Tags:

trojan mirai agent virus

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

anti-debug evasive

Link:

https://www.filescan.io/uploads/6770ad9e0dd45a148a40e9b9/reports/2e0aebd8-0946-4343-95dc-6b2263dba0c2/overview

Verdict:

Malicious

Labled as:

TrojanDownloader/Linux.Agent

Link:

https://www.hybrid-analysis.com/sample/9676aea60b4fbc50abaf49b824eca4fbb59b1ac12aa6e9501003a28eacdff910

Result

Verdict:

UNKNOWN

Score:

0%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/9676aea60b4fbc50abaf49b824eca4fbb59b1ac12aa6e9501003a28eacdff910

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9676aea60b4fbc50abaf49b824eca4fbb59b1ac12aa6e9501003a28eacdff910/

Threat name:

Linux.Downloader.Generic

Status:

Suspicious

First seen:

2024-12-29 03:02:23 UTC

File Type:

Text (Shell)

AV detection:

8 of 38 (21.05%)

Threat level:

3/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=sz3k5jqlj66fbk5pjg4cj3fe7o2zwgwbfktosuaqaori5lg77eia._file

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/9676aea60b4fbc50abaf49b824eca4fbb59b1ac12aa6e9501003a28eacdff910

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh 9676aea60b4fbc50abaf49b824eca4fbb59b1ac12aa6e9501003a28eacdff910

(this sample)

elf 18c99e6db38118a4d50a0bca8dd475f700d3ff172a73fb6a48bdd599d4abae95

URLhaus

https://urlhaus.abuse.ch/url/3376029/

Delivery method

Distributed via web download

Dropping

MD5 068d8070d6463f29e947d66cff14bb5e

Dropping

SHA256 18c99e6db38118a4d50a0bca8dd475f700d3ff172a73fb6a48bdd599d4abae95

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample