MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9bcbbee0f2193e10b0701c1a4ccfd394f147b3bc85ffb8ba7652185a566d7071. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt

Vendor detections: 8

Intelligence 8 IOCs YARA File information Comments

SHA256 hash:	9bcbbee0f2193e10b0701c1a4ccfd394f147b3bc85ffb8ba7652185a566d7071
SHA3-384 hash:	cb3e10a491cc4040ae75860e08dc079a56c7fc0c0c620c48e7189e5233f1b59b8082791b69c7c73c6475e84a1e4a1b1b
SHA1 hash:	010e8917f983209c8f6aafa16a303d700cd1556b
MD5 hash:	eae9e25f34c6bc5476d635de2e1167fe
humanhash:	snake-alanine-september-helium
File name:	Sakura.sh
Download:	download sample
Signature	Gafgyt Create hunting rule
File size:	513 bytes
First seen:	2026-04-14 05:31:26 UTC
Last seen:	Never
File type:	sh
MIME type:	text/x-shellscript
ssdeep	12:1JLBGeWz8RvPrzkvCIsEANzJqUMDyRRNv:r8e3vPXqLlSlq2d
TLSH	T1A8F00551750731315FC65979A7CFD4A06D075842BC590574F846895F647C3BF731C142
TrID	70.0% (.SH) Linux/UNIX shell script (7000/1) 30.0% (.) Unix-like shebang (var.3) (gen) (3000/1)
Magika	shell
Reporter	adliwahid
Tags:	gafgyt

Intelligence

File Origin

# of uploads :

# of downloads :

102

Origin country :

Vendor Threat Intelligence

No detections

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/69ddd29d799d5bf325fcfb1f/reports/cfb84b25-b93a-4886-8328-41178a10049b/overview

Verdict:

Malicious

File Type:

unix shell

First seen:

2026-04-14T02:43:00Z UTC

Last seen:

2026-04-14T03:20:00Z UTC

Hits:

~100

Link:

https://opentip.kaspersky.com/9bcbbee0f2193e10b0701c1a4ccfd394f147b3bc85ffb8ba7652185a566d7071/results?tab=lookup

Score:

41%

Verdict:

Susipicious

File Type:

SCRIPT

Link:

https://malprob.io/report/9bcbbee0f2193e10b0701c1a4ccfd394f147b3bc85ffb8ba7652185a566d7071

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/9bcbbee0f2193e10b0701c1a4ccfd394f147b3bc85ffb8ba7652185a566d7071/

Verdict:

Malicious

Threat:

Family.MIRAI

Link:

https://tip.neiki.dev/file/9bcbbee0f2193e10b0701c1a4ccfd394f147b3bc85ffb8ba7652185a566d7071

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=tpf35yhsde7bbmdqdqnezt6tstyupm54qx73rotwkimfuvtnobyq._file

Result

Malware family:

gafgyt

Score:

10/10

Tags:

family:gafgyt botnet defense_evasion discovery linux

Link:

https://tria.ge/reports/260414-f77vpscx5m/

Behaviour

System Network Configuration Discovery

Writes file to tmp directory

Reads system network configuration

Reads system routing table

File and Directory Permissions Modification

Executes dropped EXE

Detected Gafgyt variant

Family: Gafgyt/Bashlite

Malware Config

C2 Extraction:

185.116.236.117:12345

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/9bcbbee0f2193e10b0701c1a4ccfd394f147b3bc85ffb8ba7652185a566d7071

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample