MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ae1967865636b381f6d814b0ca340347ef2ede7991d02a2d3c6f0b301f8f84a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 6



SHA256 hash: ae1967865636b381f6d814b0ca340347ef2ede7991d02a2d3c6f0b301f8f84a7
SHA3-384 hash: 28e4913a6760d4bc10e0be128d703495bf235a5785b19b3f92861c6a28ec206fa52d29ba4bc6e73e70df67a2616b3317
SHA1 hash: b2702d37653cc5609485967bb0c4c57c7d8b3141
MD5 hash: b0aa07cfaf7232539e68f4ef7a6c3c60
humanhash: alpha-december-cardinal-tennessee
File name: linnn
Signature: Gafgyt
File size: 1'538 bytes
First seen: 2024-12-28 10:05:57 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 12:GLF+2gnvIULkUe5jLy+IUtGLlxM+G2Lt2mXLOhxLC+nGLoR+O/L12g1ULmRPQkLj:sF+hnvv2lxtsAHctN7s53sHi7Et2j
TLSH T1DE3103C552B059B12EE19C5BB26BCC0D319B79CE1CC99F8A9CDC34F6668EE50B848713
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 95
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 90.2%
Tags: phishing backdoor trojan hype

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: anti-debug busybox evasive expand lolbin remote

Result
Verdict: UNKNOWN
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2024-12-28 10:10:05 UTC
File Type: Text (Shell)

AV detection: 14 of 23 (60.87%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour:
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh ae1967865636b381f6d814b0ca340347ef2ede7991d02a2d3c6f0b301f8f84a7

(this sample)

Comments