MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 d7e4e6df87f3cbe30a24e6b6b8df6d8d0f1e9251f60261d578fc115b24586011. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 6



SHA256 hash: d7e4e6df87f3cbe30a24e6b6b8df6d8d0f1e9251f60261d578fc115b24586011
SHA3-384 hash: 7afb8513d2233c4902788d8ea672e741b0eb024955093c685b970fa1eaa74ff6835b9750c6970cc6468d78d1e8cfdb5d
SHA1 hash: 8a73c145cb1318af1dc72eeef7ea1503fa3b1524
MD5 hash: cb7398c6bfa8cbe161dba64a767563b3
humanhash: green-wolfram-montana-seventeen
File name: Sakura.sh
Signature: Gafgyt
File size: 1'875 bytes
First seen: 2025-12-12 18:24:25 UTC
Last seen: 2025-12-13 16:40:46 UTC
File type: sh
MIME type: text/plain
ssdeep: 24:1ied2ieUtvYJMioT72rirUiGbMriHvickih0uviTvircqil5i5hfiQe4nP:1p2Kx5TKrPiJovbkxWOvMnK5+hf//P
TLSH: T1A53172DB225206F76DE1F973316884D5F8D8A1C660C82F586BDC3DE644BFE2CB044A92
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 2
# of downloads: 43
Origin country: DE

Vendor Threat Intelligence

No detections

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive medusa mirai

Verdict: Malicious
File Type: text
First seen: 2025-12-12T19:38:00Z UTC
Last seen: 2025-12-12T19:52:00Z UTC
Hits: ~10

Threat name: Linux.Trojan.Egairtigado
Status: Malicious
First seen: 2025-12-12 18:25:30 UTC
File Type: Text (Shell)
AV detection: 16 of 24 (66.67%)
Threat level: 5/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download
Gafgyt
sh d7e4e6df87f3cbe30a24e6b6b8df6d8d0f1e9251f60261d578fc115b24586011 (this sample)

Delivery method: Distributed via web download

Comments