MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b4d8d8b7f5def6ed65a9e7c89755969831a820ca79b93f1da3fd81ddb6b527d9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 4



SHA256 hash: b4d8d8b7f5def6ed65a9e7c89755969831a820ca79b93f1da3fd81ddb6b527d9
SHA3-384 hash: 9033cc135efffe6361d21d0e2485ba4d7eccff3f39c55edc783ad8a55b451b9baad344e230990f74ec1c28449e1b7f5c
SHA1 hash: 731ddcea66ab8042da8705f3b5760506dc7842ae
MD5 hash: 3344a6ca829686d7e0e3a7802dd0217b
humanhash: diet-dakota-monkey-zulu
File name: gig.sh
Signature: Gafgyt
File size: 214 bytes
First seen: 2025-01-20 21:22:14 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 3:L2UiMwWcqR6WgrVFGBzSEyLTUWwOeXGUi9WFKV2UiMwWcqR6Wgr88BzSE8eU8Tx0:LFwBWgreICX5FgFwBWgrfNTxXk
TLSH: T179D0C9C548D339018599ACDA397A823F9082CBCC529F4FCE5DCC0625E94DB56F8A0A02
Magika: shell
Reporter: abuse_ch
Tags: gafgyt sh

URL: http://193.143.1.54/mips
Malware sample (SHA256 hash): 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74
Signature: Gafgyt
Tags: 501 censys elf gafgyt mirai ua-wget

URL: http://193.143.1.54/mpsl
Malware sample (SHA256 hash): 18c99e6db38118a4d50a0bca8dd475f700d3ff172a73fb6a48bdd599d4abae95
Signature: Gafgyt
Tags: 501 censys elf gafgyt mirai ua-wget

Intelligence


File Origin
# of uploads: 1
# of downloads: 122
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox
Result
Verdict: UNKNOWN
Threat name: Script.Trojan.Multiverze
Status: Malicious
First seen: 2025-01-20 21:23:03 UTC
File Type: Text (Shell)
AV detection: 6 of 24 (25.00%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: discovery
Behaviour
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh b4d8d8b7f5def6ed65a9e7c89755969831a820ca79b93f1da3fd81ddb6b527d9

(this sample)
