MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 cfcb2a312ad30027802280bf75db59e249707d48e263783d860f9a801219b02f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 6



SHA256 hash: cfcb2a312ad30027802280bf75db59e249707d48e263783d860f9a801219b02f
SHA3-384 hash: 04aa2e24732aa5f9e71c1b816365424fadfda77da955f01d649a5548a3e52aa24796a469b18f5c96f3faeabaa57862ef
SHA1 hash: 22fcb1cb2f3f2198a15cfc1eaba3c619922e1cbe
MD5 hash: a1c4a7fa1e6bdd3c6b366d3a1d9061d6
humanhash: september-mexico-six-april
File name: buf
Signature: Gafgyt
File size: 834 bytes
First seen: 2025-04-09 10:12:37 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep 24:R3gkKTdk3zkk8z/khrckOPki/k9ukwO4kyNIfeknkYK7L:2tZekBz/acvN/No42eSkYoL
TLSH T13C017CCD1EE453FE85199EE8B460CD49908D65C3B5748F3CFAB108DA0CD6B12380CE66
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: DE
Vendor Threat Intelligence

Verdict: Malicious
Score: 93.3%
Tags: backdoor trojan agent

Threat name: Script-Shell.Trojan.Heuristic
Status: Malicious
First seen: 2025-04-09 14:31:11 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh cfcb2a312ad30027802280bf75db59e249707d48e263783d860f9a801219b02f

(this sample)

Delivery method: Distributed via web download

Comments