MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 ecfb22505b6fd196952a778df55dd949b67b7aadc0f71d9e6aa17d241981847b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	ecfb22505b6fd196952a778df55dd949b67b7aadc0f71d9e6aa17d241981847b
SHA3-384 hash:	28521d41b6be1c7fe3d66f19e16f60d264a3191cd6392c8e0c445e5f3d272ae8448cc114992b4421fa28d23bbfeebbb4
SHA1 hash:	1870328f5c8913ba20daaee2907bce134e6ab530
MD5 hash:	a6c7a4c983707ecee624ac67a1aa43b3
humanhash:	black-louisiana-pennsylvania-william
File name:	a6c7a4c983707ecee624ac67a1aa43b3
Download:	download sample
Signature	Gafgyt Create hunting rule
File size:	63'412 bytes
First seen:	2021-06-19 21:03:10 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	1536:WqbsJVy12Qd7kMdVTiXhsreJYqQibwzY1HBRgs/DC:WPJVyNdfXTiXqrrEbwQfW
TLSH	86530290164B3884F6250D398A4DA5C707339AF5DB37A36EB4587C46F9293C83BBE5C2
Reporter	zbetcheckin
Tags:	32 arm elf gafgyt mirai

Intelligence

File Origin

# of uploads :

# of downloads :

Origin country :

n/a

Vendor Threat Intelligence

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

arm

Packer:

UPX

Botnet:

Number of open files:

1213

Number of processes launched:

Processes remaning?

true

Full report:

https://elfdigest.com/brief/ecfb22505b6fd196952a778df55dd949b67b7aadc0f71d9e6aa17d241981847b

Behaviour

Persistence

Process Renaming

Botnet C2s

TCP botnet C2(s):

136.144.41.164:1

Result

Verdict:

UNKNOWN

Malware family:

Mirai

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/22711e56-260f-428b-9661-7e96bad56a68

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/ecfb22505b6fd196952a778df55dd949b67b7aadc0f71d9e6aa17d241981847b/

Threat name:

Linux.Trojan.Gafgyt

Status:

Malicious

First seen:

2021-06-19 21:03:15 UTC

AV detection:

11 of 29 (37.93%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

1/10

Tags:

linux

Link:

https://tria.ge/reports/210619-fk3cplxp3e/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Legit

Score:

0.20

Link:

https://yomi.yoroi.company/submissions/ecfb22505b6fd196952a778df55dd949b67b7aadc0f71d9e6aa17d241981847b

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

elf ecfb22505b6fd196952a778df55dd949b67b7aadc0f71d9e6aa17d241981847b

(this sample)

Delivery method

Distributed via web download

URLhaus

https://urlhaus.abuse.ch/url/1380463/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample