MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b5abcef3e8dcdb0fce681aeef9102da1570da544e792c344b1fbe4f26493c716. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 5



SHA256 hash: b5abcef3e8dcdb0fce681aeef9102da1570da544e792c344b1fbe4f26493c716
SHA3-384 hash: 77655cbb720d4563349565ebdc78c446f21998b82b61c864c41db8bda367fa0febf76fd841d3f770cfb6452e741911df
SHA1 hash: b7402dd14ef719fe72ede7d251641077f3ad2c29
MD5 hash: 10dc6a03730f0046b4123bd5988600bc
humanhash: seventeen-earth-floor-lion
File name: bee
Signature: Gafgyt
File size: 421 bytes
First seen: 2025-01-27 18:51:50 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 6:SiqwMuwqTanIvCwqEIaCwq4rwqtRwq7NIl5gCwqxa0LKiqv:9rLwgvCwoaCwbwIRw8NIl5rw90LK9
TLSH T1DBE0158D3A6872970C6AEF43B072C8C1501FE6DC20785F1EA64514F98CB6721332CB89
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags

Intelligence


File Origin
# of uploads: 1
# of downloads: 48
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: mirai virus agent shell

Result
Verdict: UNKNOWN
Threat name: Win32.Trojan.Generic
Status: Malicious
First seen: 2025-01-27 18:42:28 UTC
File Type: Text (Shell)
AV detection: 11 of 38 (28.95%)
Threat level: 5/5
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
