MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d6ccc737f8f8195bd472e56d405f3dba28bb338e9f5a83814a84e43d3910f7a0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gafgyt


Vendor detections: 2


Intelligence 2 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: d6ccc737f8f8195bd472e56d405f3dba28bb338e9f5a83814a84e43d3910f7a0
SHA3-384 hash: ddf5dae74a2573d4e1961a401114b410d221d66bbbe7dae8ce7073588d4319eb050a2d0bbab252f99e3959c79057b524
SHA1 hash: bb70543ac0347d3671740e76efc5453702e29d15
MD5 hash: 41b9b0496fc3c3ee4661dac83497b17e
humanhash: oscar-queen-utah-jersey
File name:g.sh
Download: download sample
Signature Gafgyt
Create hunting rule
File size:894 bytes
First seen:2025-11-29 10:43:09 UTC
Last seen:Never
File type: sh
MIME type:text/x-shellscript
ssdeep 24:gpb5GKBo/hseTX9hXZ1gYcq0ECQPeV242L8L7wEKfYxn:WHuScNtZG1q0/BVGo41Yxn
TLSH T15E11EB36E81DE820077A4098EE06A285FD2A89030F242933711CA0F0BF3C053A1BEF6D
TrID 69.9% (.SH) Linux/UNIX shell script (7000/1)
29.9% (.) Unix-like shebang (var.3) (gen) (3000/1)
0.0% (.PIC) Bio-Rad Image(s) bitmap (2/1)
Magika shell
Reporter juroots
Tags:gafgyt sh

Intelligence

File Origin
# of uploads :
1
# of downloads :
32
Origin country :
CH CH
Vendor Threat Intelligence
No detections
Verdict:
Unknown
File Type:
unix shell
First seen:
2025-11-29T11:07:00Z UTC
Last seen:
2025-11-30T08:47:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/d6ccc737f8f8195bd472e56d405f3dba28bb338e9f5a83814a84e43d3910f7a0/results?tab=lookup
Status:
terminated
Link:
https://sandbox.kunai.rocks/analysis/9681b377-1f8c-4c6b-9a7e-762f0dbdaed5
Behavior Graph:
Download SVG
%3
Score:
3%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/d6ccc737f8f8195bd472e56d405f3dba28bb338e9f5a83814a84e43d3910f7a0
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/d6ccc737f8f8195bd472e56d405f3dba28bb338e9f5a83814a84e43d3910f7a0/
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=23gmon7y7amvxvds4vwuaxz5xiulwm4ot5nihakkqtsd2oiq66qa._file
Result
Malware family:
n/a
Score:
  1/10
Tags:
linux
Link:
https://tria.ge/reports/251129-ms4ytsf15f/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/d6ccc737f8f8195bd472e56d405f3dba28bb338e9f5a83814a84e43d3910f7a0

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments