MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fb3c680bead66e145c31d16e0bdc7dcdda632247e457daa93f1367664fdd5328. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Gafgyt


Vendor detections: 8


Intelligence 8 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: fb3c680bead66e145c31d16e0bdc7dcdda632247e457daa93f1367664fdd5328
SHA3-384 hash: 4168958da755ad5bd203c448e27d3cb4dc673f179213d9e1c2871350ecd79b4a139ca74e8dd4e115a11e743669e7f5fd
SHA1 hash: 8098d412f9f2e92e47ee158b2bc49e212e5701b6
MD5 hash: 5e47fa482450f244179896fd4eb9a8df
humanhash: twelve-quebec-burger-shade
File name:massload
Download: download sample
Signature Gafgyt
Create hunting rule
File size:1'972 bytes
First seen:2025-05-02 09:51:37 UTC
Last seen:Never
File type: sh
MIME type:text/plain
ssdeep 24:QvZi4wDIbTWW0o/aKA/6WLo/lKA/2n7M/A2UzjKKA/qwgv35QeDVGUGKA/w:QvZi4w8TWW0o/aaWLo/lqw/355CpNGQ
TLSH T19D41C8A81732DE26D603DF94A0629344BC4ADEB639A30D70E5DC00B6D5ECE743562D6F
Magika shell
Reporter abuse_ch
Tags:sh
URLMalware sample (SHA256 hash)SignatureTags
http://103.188.82.240/skid.mips4baa8232e960916b0718f13163b3cfc72ea98a4dfbe92308ead25ca308a353ff Gafgytelf gafgyt ua-wget
http://103.188.82.240/skid.mpsln/an/aelf ua-wget
http://103.188.82.240/skid.arm0d69826a2d0861d1a22985cadf7df3693ff97c110df1ec8d90ca3b4a3f5f53aa Miraielf mirai
http://103.188.82.240/skid.arm5n/an/aelf mirai
http://103.188.82.240/skid.arm79af6d65181a6f3a7d75443586c298a27904083ee7a931a8d4601625fc4ca016f Miraielf mirai

Intelligence

File Origin
# of uploads :
1
# of downloads :
74
Origin country :
DE DE
Vendor Threat Intelligence
Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6814bdb44355f44aee68619flinux22vpnfull_triage
Tags:
downloader mirai virus hype
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
evasive
Link:
https://www.filescan.io/uploads/681495cdd95f3e34e95ed859/reports/44b7ffc2-6c80-45df-9efb-2771b05c6751/overview
Verdict:
Malicious
Labled as:
Trojan.Agent
Link:
https://www.hybrid-analysis.com/sample/fb3c680bead66e145c31d16e0bdc7dcdda632247e457daa93f1367664fdd5328
Score:
100%
Verdict:
Malware
File Type:
SCRIPT
Link:
https://malprob.io/report/fb3c680bead66e145c31d16e0bdc7dcdda632247e457daa93f1367664fdd5328
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/fb3c680bead66e145c31d16e0bdc7dcdda632247e457daa93f1367664fdd5328/
Threat name:
Script.Trojan.Multiverze
Create hunting rule
Status:
Malicious
First seen:
2025-05-02 09:33:40 UTC
File Type:
Text (Shell)
AV detection:
13 of 36 (36.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=7m6gqc7k2zxbixbr2fxaxxd5zxnggish4rl5vkj7cntwmt65kmua._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
n/a
Link:
https://tria.ge/reports/250502-pmrsescj4y/
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/fb3c680bead66e145c31d16e0bdc7dcdda632247e457daa93f1367664fdd5328

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

Gafgyt

sh fb3c680bead66e145c31d16e0bdc7dcdda632247e457daa93f1367664fdd5328

(this sample)

Gafgyt

elf db6c6caa297a619141163efa294ed0195428d38e86a28659d5d8857a66088f44

  
URLhaus
https://urlhaus.abuse.ch/url/3532532/
  
Delivery method
Distributed via web download
  
Dropping
MD5 9df35a98c836c75eb3f3c734d2a20a08
  
Dropping
SHA256 db6c6caa297a619141163efa294ed0195428d38e86a28659d5d8857a66088f44

Comments