MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 fc3ce236af095224f7922f9260cecb17b4b7a19d55bf846b6af5e02a50e5b65d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Gafgyt

Vendor detections: 6

SHA256 hash: fc3ce236af095224f7922f9260cecb17b4b7a19d55bf846b6af5e02a50e5b65d
SHA3-384 hash: 3008a8ec644d65f8c7435f96a82c229fafb63712c77e39cb7f0ed2738f80329e767eaa4dc00b253ffc96ad474c683f36
SHA1 hash: 843f2f509474896405bea5a6560a05425d88dce1
MD5 hash: 40a092381f0ceaf0936cb8b4193df4bb
humanhash: shade-oxygen-edward-asparagus
File name: w.sh
Signature: Gafgyt
File size: 1'519 bytes
First seen: 2025-07-28 17:25:12 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 24:VENEPFV2fl45jG75ABAoA11unuauj1uQ9uQkuQ11u5uQuB1uYuxuL01U/1ETZS0p:LPFV2fl45jG75CXaQuPjQrSKQURBQJ8W
TLSH: T1C43146C94E62950388BCCF31F04AC7AC6E8FC6A379A06E9A54CE5CF35548F147035E1A
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence

File Origin
# of uploads: 1
# of downloads: 29
Origin country: DE

Vendor Threat Intelligence

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: mirai

Verdict: Malicious
Threat: HEUR:Trojan-Downloader.Shell.Agent

Threat name: Script-Shell.Downloader.Heuristic
Status: Malicious
First seen: 2025-07-25 10:34:53 UTC
File Type: Text (Shell)
AV detection: 13 of 23 (56.52%)
Threat level: 2/5

Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour:
  Modifies registry class
  Suspicious use of SetWindowsHookEx
  Enumerates physical storage devices

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Web download
Signature: Gafgyt
Sample: sh fc3ce236af095224f7922f9260cecb17b4b7a19d55bf846b6af5e02a50e5b65d (this sample)

Delivery method: Distributed via web download