MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 f61cc795f9031778a10c122b77b1f50ba7cd1bdffa98d9de3a5dcf70530d442c. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Gafgyt


Vendor detections: 7



SHA256 hash: f61cc795f9031778a10c122b77b1f50ba7cd1bdffa98d9de3a5dcf70530d442c
SHA3-384 hash: 7935259b012f41f9942498063900e65987ab2f49c923bf595a7fb59991f3e8edcf0b59f652d53d64af02aaa373dbe75e
SHA1 hash: c79b8396ae90aed7d49eb1fe46caef6feafd138a
MD5 hash: accbbdab27605a96dd9342b2f175b6a0
humanhash: crazy-paris-snake-video
File name: phi.sh
Signature: Gafgyt
File size: 839 bytes
First seen: 2025-04-09 10:32:49 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:03gkKTdk3zkk8z/khrckOPki/k9ukwO4kyNIfeknkYK73:ltZekBz/acvN/No42eSkYo3
TLSH: T156013CCD1EE553FE89199EE8B460CD49908D65C3B5748F7CFEB108DA0CD6612780CE66
Magika: shell
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 85
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Score: 94.9%
Tags: backdoor trojan mirai agent
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: evasive
Threat name: Script-Shell.Trojan.Heuristic
Status: Malicious
First seen: 2025-04-09 10:33:12 UTC
File Type: Text (Shell)
AV detection: 9 of 24 (37.50%)
Threat level: 2/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh f61cc795f9031778a10c122b77b1f50ba7cd1bdffa98d9de3a5dcf70530d442c

(this sample)

  
Delivery method: Distributed via web download
