MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ebe86738edc3342b23a640365cf34e2b26d131d0d25b86f61f48f050db1aa5f8. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 8



SHA256 hash: ebe86738edc3342b23a640365cf34e2b26d131d0d25b86f61f48f050db1aa5f8
SHA3-384 hash: cc4b5bc9dc6fa4a8e666ab0ad788397493cdaa1eca43f434dd075d79700d436d54a4756002ad5e851dd49c726657b07b
SHA1 hash: b63ad21caca63199a7f9ba069ab540f01453a493
MD5 hash: 0e274a0a1787c45da73a59e512ce34c2
humanhash: july-echo-violet-johnny
File name: uni
Signature: Gafgyt
File size: 420 bytes
First seen: 2025-05-02 09:51:34 UTC
Last seen: 2025-05-03 02:50:50 UTC
File type: sh
MIME type: text/plain
ssdeep: 12:oSgmyVeU5Sgz8f8e5Ss35LKxQJ5Ss9aQga425SspQK+:odSOdz80gbKxQ7BG
TLSH: T186E06DCE32F31033C129DD1CA0B3E984A40EC8A016800E9AFEDC0036D0CCED2F4AEA84
Magika: txt
Reporter: abuse_ch
Tags: sh
URL | Malware sample (SHA256 hash) | Signature | Tags
http://103.188.82.240/lol.mips | f1b28e62c492e270fd7fc9869efc4dc682e5b8f141a8b65c01a374451713498a | Gafgyt | elf gafgyt ua-wget
http://103.188.82.240/lol.mpsl | n/a | n/a | elf ua-wget
http://103.188.82.240/lol.arm7 | f166e9e934173288ebc53565bccda8e8677c5ec32db06e4f8dd8dc1c691826fc | Mirai | elf mirai
http://103.188.82.240/lol.arm5 | n/a | n/a | elf
http://103.188.82.240/lol.arm | a5f373d08117f2649b6e5eb1cdd2594fdddc2a2000c19a98718de3b924f0fce1 | Mirai | elf mirai

Intelligence


File Origin
# of uploads: 2
# of downloads: 75
Origin country: DE
Vendor Threat Intelligence
Verdict: Malicious
Score: 99.9%
Tags: downloader mirai virus shell

Threat name: Script.Trojan.Heuristic
Status: Malicious
First seen: 2025-05-02 09:33:36 UTC
File Type: Text (Shell)
AV detection: 10 of 24 (41.67%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download: Gafgyt sh ebe86738edc3342b23a640365cf34e2b26d131d0d25b86f61f48f050db1aa5f8 (this sample)
Delivery method: Distributed via web download
