MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bf82b79ca4803adef7ce4d2456d6d3adb04a867fedebd07de87feeb8d5761e11. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gafgyt


Vendor detections: 9


Intelligence 9 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: bf82b79ca4803adef7ce4d2456d6d3adb04a867fedebd07de87feeb8d5761e11
SHA3-384 hash: 91963750d7fca6a1ef683ca6f660087811637410e14adda356b483ac2bac11a2174759d5ca150670d25c1de9975c35a0
SHA1 hash: 525929aa8a7bbc242440466c3d13bcc33e936c8a
MD5 hash: 67b124f46237ed974be78dd8bd75b509
humanhash: summer-pennsylvania-oscar-july
File name:arm
Download: download sample
Signature Gafgyt
Create hunting rule
File size:21'536 bytes
First seen:2024-12-13 06:31:09 UTC
Last seen:2025-01-03 23:39:06 UTC
File type: elf
MIME type:application/x-executable
ssdeep 384:KLkUNql60ng+cVFERDvp78PFZcJSLBjP5GNNDP5Xcjtmx4MMywHcF1q2VUFx4ePu:KLk8ql60bcVFExvpowQhP5udP5Xcjoqn
TLSH T10EA23A99B888DA56C2C0527AFE9C934D37326B64D1DF33430F267F522A8686A0F3F545
telfhash t17ad0a9320d8c0dca7aa0454108dd3a269910b0c77eee8c1732f2ded94287d83d425047
TrID 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12)
49.8% (.O) ELF Executable and Linkable format (generic) (4000/1)
Magika elf
Reporter abuse_ch
Tags:elf gafgyt mirai

Intelligence

File Origin
# of uploads :
2
# of downloads :
154
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
Unix.Trojan.Mirai-7732430-0
Create hunting rule

Verdict:
Clean
Score:
82.2%
Link:
https://cyber-fortress.com/docs/result/index.php?id=675bd5f989dbe216234f3fd6linux22vpnfull_triage
Tags:
malware
Result
Verdict:
Clean
Maliciousness:
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-debug
Link:
https://www.filescan.io/uploads/675bd4e6d0bf6a811f2d961a/reports/69e066ed-ede2-458c-a85c-ed1382d1f886/overview
Verdict:
Malicious
Uses P2P?:
false
Uses anti-vm?:
false
Architecture:
arm
Packer:
not packed
Botnet:
unknown
Number of open files:
1
Number of processes launched:
0
Processes remaning?
false
Remote TCP ports scanned:
not identified
Full report:
https://elfdigest.com/brief/bf82b79ca4803adef7ce4d2456d6d3adb04a867fedebd07de87feeb8d5761e11
Behaviour
no suspicious findings
Botnet C2s
TCP botnet C2(s):
not identified
UDP botnet C2(s):
not identified
Result
Verdict:
UNKNOWN
Malware family:
LeetHozer
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/abf163f8-2acf-46cf-b60f-8bc80462bec8
Result
Threat name:
n/a
Detection:
malicious
Classification:
n/a
Score:
48 / 100
Link:
https://www.joesandbox.com/analysis/1574249
Signature
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1574249 Sample: arm.elf Startdate: 13/12/2024 Architecture: LINUX Score: 48 15 85.239.34.134, 31337, 50768 RAINBOW-HKRainbownetworklimitedHK Russian Federation 2->15 17 109.202.202.202, 80 INIT7CH Switzerland 2->17 19 2 other IPs or domains 2->19 21 Multi AV Scanner detection for submitted file 2->21 7 arm.elf 2->7         started        9 dash rm 2->9         started        11 dash rm 2->11         started        signatures3 process4 process5 13 arm.elf 7->13         started       
Score:
100%
Verdict:
Malware
File Type:
ELF
Link:
https://malprob.io/report/bf82b79ca4803adef7ce4d2456d6d3adb04a867fedebd07de87feeb8d5761e11
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/bf82b79ca4803adef7ce4d2456d6d3adb04a867fedebd07de87feeb8d5761e11/
Threat name:
Linux.Trojan.Mirai
Create hunting rule
Status:
Malicious
First seen:
2024-12-13 02:40:13 UTC
File Type:
ELF32 Little (Exe)
AV detection:
16 of 24 (66.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=x6blphfeqa5n556ojusfnvwtvwyevbt75xv5a7pip7xlrvlwdyiq._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
n/a
Link:
https://tria.ge/reports/241213-halx3sspdk/
Verdict:
Malicious
Tags:
Unix.Trojan.Mirai-7732430-0
YARA:
n/a
Link:
https://app.threat.zone/submission/4cf85fd8-77aa-426b-aa23-a7446870b293
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/bf82b79ca4803adef7ce4d2456d6d3adb04a867fedebd07de87feeb8d5761e11

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

elf bf82b79ca4803adef7ce4d2456d6d3adb04a867fedebd07de87feeb8d5761e11

(this sample)

  
URLhaus
https://urlhaus.abuse.ch/url/3347286/
  
Delivery method
Distributed via web download

Comments