gafgyt | 988e05b7568e013b37740bee511955e280e3bf26e1c31c4c28cc539d2d519811 | Triage

Submit
Reports

Overview

overview

Static

static

988e05b756...519811

debian-9-mips

7

Sharing

General

Target

988e05b7568e013b37740bee511955e280e3bf26e1c31c4c28cc539d2d519811
Size

147KB
Sample

220731-nefvhseffl
MD5

18ff3f726c3f7e82fdc4fa53c0b0501a
SHA1

090f423013c092de7ff84b858699818acda8121f
SHA256

988e05b7568e013b37740bee511955e280e3bf26e1c31c4c28cc539d2d519811
SHA512

b47ca97fa75e7f80e25710aa82c695805415b271b69608580ebc5b7a3082cbafa7387aabd306906ca89a92cacde4092c9354bf586613f9b02d004716746a284e

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

988e05b7568e013b37740bee511955e280e3bf26e1c31c4c28cc539d2d519811

Resource

debian9-mipsbe-en-20211208

debian-9-mips

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  988e05b7568e013b37740bee511955e280e3bf26e1c31c4c28cc539d2d519811
- Size
  
  147KB
- MD5
  
  18ff3f726c3f7e82fdc4fa53c0b0501a
- SHA1
  
  090f423013c092de7ff84b858699818acda8121f
- SHA256
  
  988e05b7568e013b37740bee511955e280e3bf26e1c31c4c28cc539d2d519811
- SHA512
  
  b47ca97fa75e7f80e25710aa82c695805415b271b69608580ebc5b7a3082cbafa7387aabd306906ca89a92cacde4092c9354bf586613f9b02d004716746a284e
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy