MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 aeb615f18972cbd4bf1bf0ba337c2918a062714f5f504728f06cfd04d83e01fe. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt

Vendor detections: 5

Intelligence 5 IOCs YARA File information Comments

SHA256 hash:	aeb615f18972cbd4bf1bf0ba337c2918a062714f5f504728f06cfd04d83e01fe
SHA3-384 hash:	c4d27939e4fa173c4d7553a41897fe4bc6a8431cf19e84d09bde2a6267ee6fbc69c56d909ffa97384fd37117e862897b
SHA1 hash:	5131c6f1011364598f244c3f06e08019c4f97ea4
MD5 hash:	b62f866e8bf28907aec43a72dcf78b86
humanhash:	blue-mockingbird-nineteen-london
File name:	buf
Download:	download sample
Signature	Gafgyt Create hunting rule
File size:	196 bytes
First seen:	2025-03-11 08:46:38 UTC
Last seen:	Never
File type:	sh
MIME type:	text/plain
ssdeep	3:LWwhRFWl009GBzSE8KT1yYdDnDWwhRFWl0tWTBzSE8VDQZxXIdDv:LWl00kbT1yYBnDWl0wKMXXIBv
TLSH	T119D0C7694CA57E60C048BDBD3A674F1F504843CD259B0B4C58D500A6E48AA52F94E904
Magika	shell
Reporter	abuse_ch
Tags:	sh

Shell script dropper

This file seems to be a shell script dropper, using wget, ftpget and/or curl. More information about the corresponding payload URLs are shown below.

URL	Malware sample (SHA256 hash)	Signature	Tags
http://185.142.53.43/mips	a6e6162e308e8d0c1c076657166e45c34f692030fd3078bf74e04d1bc1a61f2f	Gafgyt	32-bit elf gafgyt
http://185.142.53.43/mpsl	f6156dc0fd65261579373182072bb820b6e26ca0f1c06cb9e4da0b04e0fdf913	Gafgyt	elf gafgyt ua-wget

Intelligence

File Origin

# of uploads :

1

# of downloads :

77

Origin country :

DE

Vendor Threat Intelligence

Verdict:

Malicious

Score:

93.3%

Link:

https://cyber-fortress.com/docs/result/index.php?id=67d007ea4fd7d3fd0e0829c1linux22vpnfull_triage

Tags:

trojan agent hype

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

evasive

Link:

https://www.filescan.io/uploads/67cff8a3e95d0f9029e74b67/reports/9afccb93-9b94-4abd-b91c-d5c9dfcb0640/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/aeb615f18972cbd4bf1bf0ba337c2918a062714f5f504728f06cfd04d83e01fe

Result

Verdict:

UNKNOWN

Score:

1%

Verdict:

Benign

File Type:

SCRIPT

Link:

https://malprob.io/report/aeb615f18972cbd4bf1bf0ba337c2918a062714f5f504728f06cfd04d83e01fe

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/aeb615f18972cbd4bf1bf0ba337c2918a062714f5f504728f06cfd04d83e01fe/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=v23bl4mjolf5jpy36c5dg7bjdcqge4kpl5ieokhqnt6qjwb6ah7a._file

Result

Malware family:

n/a

Score:

3/10

Tags:

discovery

Link:

https://tria.ge/reports/250311-lc75wazsgs/

Behaviour

Modifies registry class

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/aeb615f18972cbd4bf1bf0ba337c2918a062714f5f504728f06cfd04d83e01fe

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

sh aeb615f18972cbd4bf1bf0ba337c2918a062714f5f504728f06cfd04d83e01fe

(this sample)

elf a6e6162e308e8d0c1c076657166e45c34f692030fd3078bf74e04d1bc1a61f2f

URLhaus

https://urlhaus.abuse.ch/url/3473691/

Delivery method

Distributed via web download

Dropping

MD5 29c48cc4f58f946102a01589686a6191

Dropping

SHA256 a6e6162e308e8d0c1c076657166e45c34f692030fd3078bf74e04d1bc1a61f2f

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample