MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bc147fa60e9dc9c133d17786f9f665091ca00be282c7edfcba358154e7bdd25c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 7



SHA256 hash: bc147fa60e9dc9c133d17786f9f665091ca00be282c7edfcba358154e7bdd25c
SHA3-384 hash: cf88fe4f3c342313ea4f28a809511e6a8128c598cd6b1e8d5032b62e022c6cd8543f5883938288f4687fb00f936ea59b
SHA1 hash: 19cf088b50aa87964b4324c7bf75a8732e673178
MD5 hash: 47f5b0c094ccd6ad093e8bc882081f79
humanhash: vegan-kentucky-alabama-missouri
File name: massload
Signature: Gafgyt
File size: 1'932 bytes
First seen: 2025-04-27 18:22:19 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:QvZi4w8TW1W41o/v2bXq1Wt1o/8TgXYdpa/yAGDENjeftoBL9Q:AZi31W41ov2bXq1Wt1o8TgXuANteftok
TLSH: T1304146A98772DE92AF57DF44A122D305BC439AB234634A30E8D810B6C87CE781166D2F
Magika: shell
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://62.60.232.26/skid.mips | 8373c1e092654ddf2b6df9ab2972a5db78ff04702c48a202bc5e6bc51cc3f7a1 | Gafgyt | elf gafgyt
http://62.60.232.26/skid.mpsl | n/a | n/a | elf
http://62.60.232.26/skid.arm | 52e8a4647623af431a0a384f7d7b31a142f3195a1366288dba78a10564640bc8 | Mirai | elf mirai
http://62.60.232.26/skid.arm5 | n/a | n/a | elf
http://62.60.232.26/skid.arm7 | 94c8932063761ecd43ed95d0ca486fbf23eed31d11da30db9279a1805b7d7455 | Mirai | elf mirai

Intelligence


File Origin
# of uploads: 1
# of downloads: 80
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Score: 97.4%
Tags: downloader mirai agent virus

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive expand lolbin remote

Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-04-27 15:28:50 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 2/5

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Gafgyt, sh, bc147fa60e9dc9c133d17786f9f665091ca00be282c7edfcba358154e7bdd25c (this sample)

Delivery method: Distributed via web download
