MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b3856f24b89ef8539f07d3b8aa544fee63b841eca8fa18e977f8b83195e112db. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 7



SHA256 hash: b3856f24b89ef8539f07d3b8aa544fee63b841eca8fa18e977f8b83195e112db
SHA3-384 hash: a4a68b7836c39cea1352cac3fa23fae1f12d18769bbac8b2c65cbc489f83b4a99e880e5c4d0b9eabf047be874f391b7b
SHA1 hash: e745a93794738bdfbbf01dec2c164e68639a36fd
MD5 hash: 0d0b67881bfc4ae87cd376175aa8664e
humanhash: virginia-paris-stream-robin
File name: zxc.sh
Signature: Gafgyt
File size: 825 bytes
First seen: 2025-04-09 08:52:36 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:03gkKTdk3zkk8z/khrckOPki/k9ukwO4kyNIfeknkYK7L:ltZekBz/acvN/No42eSkYoL
TLSH: T179013CCD1EE553FE85199EE4B460CD49908D65C3B5748F7CFAB108DA0CD6612780CE66
Magika: txt
Reporter: abuse_ch
Tags: sh
URL  Malware sample (SHA256 hash)  Signature  Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 84
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 93.3%
Tags: backdoor trojan agent
Threat name: Script-Shell.Trojan.Heuristic
Status: Malicious
First seen: 2025-04-09 08:53:14 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh b3856f24b89ef8539f07d3b8aa544fee63b841eca8fa18e977f8b83195e112db

(this sample)

  
Delivery method: Distributed via web download
