MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aa93f42129864ebfb1aad16b297cda5ca0a37ae88682055b7a329bf8a518eb45. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 5



SHA256 hash: aa93f42129864ebfb1aad16b297cda5ca0a37ae88682055b7a329bf8a518eb45
SHA3-384 hash: 0e11de0be344fa9c1781a8fbacc8169af644b8f2ac041e8f4a3a8b74ef8a4c341af08a28e6cd8ff3f52a705081660b80
SHA1 hash: 08f7991c9120230216d43e7f8ada111051c24c28
MD5 hash: f2f1e3f2b5bd88d99415200de1f4b70c
humanhash: potato-king-snake-east
File name: f2f1e3f2b5bd88d99415200de1f4b70c
Signature: Gafgyt
File size: 36'656 bytes
First seen: 2021-12-22 05:46:41 UTC
Last seen: 2021-12-22 05:50:07 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 768:GP0AUqJ81bA7StgJoA2mKXvMMcQ3GlLLIVVDAmk3Uf:VPqJ8hqS+GAOXCQWeVd
TLSH: T192F2F143591DB021E9D77DF1E17F0A088A1A5D5C87DB73647324ABBC68930A3F8E19B1
telfhash: t1849002146048068442928285d10d4d56300431325c8427718601a24d4c08ad09d051f0
Reporter: zbetcheckin
Tags: 32 arm elf gafgyt
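The hash, size and file-type fields above are what an analyst uses to confirm that a file on disk really is this sample before acting on it. The Python triage helper below is an added example, not MalwareBazaar's own code: it recomputes the four cryptographic hashes listed on this entry, checks the file size, and parses the ELF identification header to confirm the ELF32 / little-endian / ARM / executable shape the sandbox reports (the fuzzy hashes ssdeep, TLSH and telfhash need third-party libraries and are not computed here). The embedded 52-byte header is a constructed stand-in, not this sample, so on it the hash and size checks are expected to fail while the header check passes; pass a real file path as the first argument to check that file instead.

```python
import hashlib
import struct

# Hashes and size as listed on this MalwareBazaar entry.
EXPECTED = {
    "sha256": "aa93f42129864ebfb1aad16b297cda5ca0a37ae88682055b7a329bf8a518eb45",
    "sha1": "08f7991c9120230216d43e7f8ada111051c24c28",
    "md5": "f2f1e3f2b5bd88d99415200de1f4b70c",
    "sha3_384": "0e11de0be344fa9c1781a8fbacc8169af644b8f2ac041e8f4a3a8b74ef8a4c341af08a28e6cd8ff3f52a705081660b80",
}
EXPECTED_SIZE = 36656

EM_ARM = 0x28   # e_machine value for 32-bit ARM
ET_EXEC = 2     # e_type value for a plain executable


def parse_elf_ident(data: bytes) -> dict:
    """Parse the ELF identification block plus e_type/e_machine.

    Returns class (ELF32/ELF64), endianness, type and machine; raises
    ValueError if the buffer does not start with a sane ELF header.
    """
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("invalid EI_CLASS/EI_DATA")
    endian = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    return {
        "class": "ELF32" if ei_class == 1 else "ELF64",
        "endian": "little" if ei_data == 1 else "big",
        "type": e_type,
        "machine": e_machine,
    }


def hash_all(data: bytes) -> dict:
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "md5": hashlib.md5(data).hexdigest(),
        "sha3_384": hashlib.sha3_384(data).hexdigest(),
    }


def verify_sample(data: bytes, expected: dict = EXPECTED,
                  expected_size: int = EXPECTED_SIZE) -> dict:
    """Compare a candidate file against the entry, field by field, so an
    analyst can see which check failed rather than a bare yes/no."""
    actual = hash_all(data)
    result = {name: actual[name] == expected[name] for name in expected}
    result["size"] = len(data) == expected_size
    try:
        hdr = parse_elf_ident(data)
        result["elf32_le_arm_exec"] = (hdr["class"] == "ELF32" and hdr["endian"] == "little"
                                       and hdr["machine"] == EM_ARM and hdr["type"] == ET_EXEC)
        result["header"] = hdr
    except ValueError as exc:
        result["elf32_le_arm_exec"] = False
        result["header"] = str(exc)
    result["identity_confirmed"] = all(result[k] for k in ("sha256", "sha1", "md5", "sha3_384", "size"))
    return result


# Constructed stand-in: a 52-byte ELF32 little-endian ARM executable header with
# zeroed fields. It is NOT the sample from this entry, so the hash and size
# checks fail on it while the header check passes.
SAMPLE_HEADER = (b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
                 + struct.pack("<HHI", ET_EXEC, EM_ARM, 1) + b"\x00" * 28)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_HEADER
    for key, value in verify_sample(data).items():
        print(f"{key}: {value}")
```

Checking all four hashes rather than MD5 alone matters because MD5 and SHA1 collisions are practical; the SHA256 and SHA3-384 values are the ones worth trusting as the sample's identity.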

Intelligence


File Origin
# of uploads: 2
# of downloads: 104
Origin country: n/a

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug

Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: arm
Packer: custom
Botnet: 209.141.42.170:80/SBIDIOT
Number of open files: 2
Number of processes launched: 2
Processes remaining?: false
Remote TCP ports scanned: not identified
Behaviour: no suspicious findings
Botnet C2s
TCP botnet C2(s): 209.141.42.170:13369
UDP botnet C2(s): not identified

Result
Verdict: UNKNOWN

Result
Threat name: Unknown
Detection: malicious
Classification: n/a
Score: 48 / 100
Signature: Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:

Threat name: Linux.Trojan.Gafgyt
Status: Malicious
First seen: 2021-12-22 05:47:12 UTC
File Type: ELF32 Little (Exe)
AV detection: 15 of 28 (53.57%)
Threat level: 5/5

Result
Malware family: n/a
Score: 1/10
Tags: linux
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
  Gafgyt
    elf aa93f42129864ebfb1aad16b297cda5ca0a37ae88682055b7a329bf8a518eb45 (this sample)

Delivery method: Distributed via web download

Comments



zbet commented on 2021-12-22 05:46:42 UTC

url : hxxp://209.141.42.170/SBIDIOT/arm