MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9c7d72cc8ae83611020f4ee588ad0b2d303af50a2f87b2bda62788f581768592. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 6



SHA256 hash: 9c7d72cc8ae83611020f4ee588ad0b2d303af50a2f87b2bda62788f581768592
SHA3-384 hash: e6a4f0a420d37694121e3818e55b180f05c52d3b22ce67c544320f3d815fc00cf5198c78739abec579baf897f483cb85
SHA1 hash: 5d4b5d928645d8ef33543e96e333665ac470c3a7
MD5 hash: c444e701c6e2ea632907030ba0a28b59
humanhash: bravo-orange-gee-burger
File name: o
Signature: Gafgyt
File size: 261 bytes
First seen: 2025-09-06 19:49:10 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 6:L6FTWXAsdxI5ymDoSuFXyKOmDoSuFXyUOmDoSuFXyD+v:wu3diwmMSPmMSNmMSs
TLSH: T18DD017AA6504B870F8CEF0623947CB8E912251D318124930BC58C1689C84869AC91E55
Magika: batch
Reporter: abuse_ch
Tags: gafgyt sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://160.250.134.48/mips | fd75057993af111cf29aeb0924554d01ad28c071fb20cf9700831fd4402fbaf2 | Mirai | elf gafgyt geofenced mips mirai ua-wget USA

Intelligence


File Origin
# of uploads: 1
# of downloads: 37
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
File Type: text
First seen: 2025-09-06T18:04:00Z UTC
Last seen: 2025-09-06T18:04:00Z UTC
Hits: ~10
Status: terminated
Behavior Graph:
/usr/bin/sudo (pid 2579) -> execve -> /tmp/sample.bin (pid 2586)
/tmp/sample.bin (pid 2586) -> execve -> /usr/bin/rm (pid 2587)
/tmp/sample.bin (pid 2586) -> execve -> /usr/bin/wget (pid 2589) [net, send-data, write-file]
/tmp/sample.bin (pid 2586) -> execve -> /usr/bin/chmod (pid 2764)
/tmp/sample.bin (pid 2586) -> clone -> /usr/bin/dash (pid 2766)
/tmp/sample.bin (pid 2586) -> execve -> /usr/sbin/xtables-nft-multi (pid 2771)
/tmp/sample.bin (pid 2586) -> execve -> /usr/sbin/xtables-nft-multi (pid 2784)
/tmp/sample.bin (pid 2586) -> execve -> /usr/sbin/xtables-nft-multi (pid 2800)
/tmp/sample.bin (pid 2586) -> execve -> /usr/sbin/xtables-nft-multi (pid 2801)
/usr/bin/wget (pid 2589) -> send: 133B -> 160.250.134.48:80
Threat name: Linux.Downloader.SAgnt
Status: Malicious
First seen: 2025-09-06 20:10:25 UTC
File Type: Text (Shell)
AV detection: 5 of 36 (13.89%)
Threat level: 3/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh 9c7d72cc8ae83611020f4ee588ad0b2d303af50a2f87b2bda62788f581768592 (this sample)

Delivery method: Distributed via web download
