MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e3d61518912e281c08d6227e80fa5f98093faa354f5ad458cfdadc32d04d20f1. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 6



SHA256 hash: e3d61518912e281c08d6227e80fa5f98093faa354f5ad458cfdadc32d04d20f1
SHA3-384 hash: a345e320a936f8055c9579263f5e36f9cf806c8dd3b3b65050a9d78b87e129937481d36ce34953c84a5643b0118be17b
SHA1 hash: b3dc35a4cffb01af7bca7bd529a66f880be8cc5c
MD5 hash: 99f017bf33a08481914292c39f5aace5
humanhash: princess-enemy-december-quiet
File name: toto
Signature: Gafgyt
File size: 2'228 bytes
First seen: 2025-08-14 10:16:27 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 48:QvZi4wh3G1949Q9Y9M91AFgW9ptEIcsGkL6L8qSL8qli8qWF8qV5:AZi2QYwECFZ9f5DGLWLpiCFp5
TLSH: T1CB41F3EF1361B6F52A81CCEAF6630A389A49E5E70CC20D6CFA9D95625AECD5C3014DD0
Magika: shell
Reporter: abuse_ch
Tags: gafgyt sh
URL                           Malware sample (SHA256 hash)                                      Signature  Tags
http://103.188.83.28/lmips    4cc60746df828d8a6d7bc51881a1078a4f8854a5b7ebd7df9ac3855e8b10817f  Gafgyt     elf gafgyt ua-wget
http://103.188.83.28/lmpsl    9996d7334c378cb7a5fe762694784d903da1465eddaaf48f7a3c251d3402aea1  Gafgyt     elf gafgyt ua-wget
http://103.188.83.28/larm4    e2614e30221d3aa30eab0871a643e49ffccead7538bcc58563cafc87f854467a  Mirai      elf mirai ua-wget
http://103.188.83.28/larm5    377eb7d0dbf209450e4c6cbfd5db6c1789e53b3f71149cfc61a3ca7982ff6d44  Mirai      elf mirai ua-wget
http://103.188.83.28/larm7    39deb6b227df9d3ceda2c754d72c8485d2aa739af2303403665d769e3be9ff9c  Mirai      elf mirai ua-wget
ftp://3.188.83.28:21/larm7    n/a                                                               n/a        n/a
ftp://3.188.83.28:21/larm5    n/a                                                               n/a        n/a
ftp://3.188.83.28:21/larm4    n/a                                                               n/a        n/a
ftp://3.188.83.28:21/lmips    n/a                                                               n/a        n/a
ftp://3.188.83.28:21/lmpsl    n/a                                                               n/a        n/a

Intelligence


File Origin
# of uploads: 1
# of downloads: 27
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent
Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-08-14 13:13:33 UTC
File Type: Text (Shell)
AV detection: 6 of 23 (26.09%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method   Signature   File type   SHA256 hash
Web download      Gafgyt      sh          e3d61518912e281c08d6227e80fa5f98093faa354f5ad458cfdadc32d04d20f1 (this sample)

Delivery method
Distributed via web download

Comments