MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 e76eeeeac4e6a4e8e7c996b0ebd24fdee126547bf9ec89026ba42e29608bbeae. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gafgyt


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: e76eeeeac4e6a4e8e7c996b0ebd24fdee126547bf9ec89026ba42e29608bbeae
SHA3-384 hash: f5438acfce64d4cd94cd1cb3440664992bd25f1687d8600c7777f4caa52d427a19871bcc9f6a4d3736aaab820e9e2df2
SHA1 hash: b3020c7ab678334c4ba4e80775a7f86903f3b3b8
MD5 hash: e7bedca7578054f7d6b63125bf8e82b4
humanhash: twenty-nuts-lamp-diet
File name:gig.sh
Download: download sample
Signature Gafgyt
Create hunting rule
File size:216 bytes
First seen:2025-02-10 16:41:24 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 3:L2UiMwWcqRvLdgoKxV7GBzSEyLTUWwOeXGUi9WFKV2UiMwWcqRvLdgoKoaBzSE89:LFwS8VCICX5FgFwSYNTxXk
TLSH T112D0C9C544D33D518598AC997A7A813F9082C7CCA2170BCFA8CD0625EA4DB59FCB0A42
Magika shell
Reporter abuse_ch
Tags:gafgyt sh
URLMalware sample (SHA256 hash)SignatureTags
http://94.156.167.35/mips4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74 Gafgytelf gafgyt ua-wget
http://94.156.167.35/mpsl18c99e6db38118a4d50a0bca8dd475f700d3ff172a73fb6a48bdd599d4abae95 Gafgytelf gafgyt ua-wget

Intelligence

File Origin
# of uploads :
1
# of downloads :
78
Origin country :
DE DE
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Linux.Downloader-35.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=67aa2c9f49f32dfb0d82dc20linux22vpnfull_triage
Tags:
hype sage
Result
Verdict:
UNKNOWN
Score:
2%
Verdict:
Benign
File Type:
SCRIPT
Link:
https://malprob.io/report/e76eeeeac4e6a4e8e7c996b0ebd24fdee126547bf9ec89026ba42e29608bbeae
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/e76eeeeac4e6a4e8e7c996b0ebd24fdee126547bf9ec89026ba42e29608bbeae/
Threat name:
Script-Shell.Browser.Tsunami
Create hunting rule
Status:
Malicious
First seen:
2025-02-10 16:42:20 UTC
File Type:
Text (Shell)
AV detection:
5 of 24 (20.83%)
Threat level:
  4/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=45xo52we42sorz6js2yoxusp33qsmvd37hwisatluqxcsyelx2xa._file
Result
Malware family:
n/a
Score:
  8/10
Tags:
adware discovery persistence privilege_escalation stealer
Link:
https://tria.ge/reports/250210-t7rqdayjfx/
Behaviour
Modifies Internet Explorer settings
Modifies data under HKEY_USERS
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System policy modification
Uses Task Scheduler COM API
Enumerates physical storage devices
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Drops file in Program Files directory
Drops file in System32 directory
Checks installed software on the system
Installs/modifies Browser Helper Object
Event Triggered Execution: Component Object Model Hijacking
Executes dropped EXE
Boot or Logon Autostart Execution: Active Setup
Downloads MZ/PE file
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.00
Link:
https://yomi.yoroi.company/submissions/e76eeeeac4e6a4e8e7c996b0ebd24fdee126547bf9ec89026ba42e29608bbeae

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh e76eeeeac4e6a4e8e7c996b0ebd24fdee126547bf9ec89026ba42e29608bbeae

(this sample)

Gafgyt

elf 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74

  
URLhaus
https://urlhaus.abuse.ch/url/3434974/
  
Delivery method
Distributed via web download
  
Dropping
MD5 ebaf6768ac8705e48d2403468bf8df74
  
Dropping
SHA256 4fc73b02bd0cc4d44ee8da03ce5ab8b74fb67409fb223c3f36b06dc22dc0dd74

Comments