gafgyt | eb8f11ca0a3cc413fe89e259800c6b88a5c5c4856de058f5f31990b65767982f | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

04c653a955...92.elf

debian-9-armhf

7

Sharing

General

Target

04c653a9551ea7cedcc949d26756e192.elf
Size

109KB
Sample

221026-gpqddaegg8
MD5

04c653a9551ea7cedcc949d26756e192
SHA1

7413002654c21133a914795c841e730cb426b803
SHA256

eb8f11ca0a3cc413fe89e259800c6b88a5c5c4856de058f5f31990b65767982f
SHA512

d04ce35603cde936d8b1bc6a02cfa34cdfb984879ce36727d73e2ebe05991ad7a02d913d5615edb16f74a3eaa6332a4dd88b8f7884ae4d838f25379d4d900aab
SSDEEP

3072:HRfJzb4aEz/qtymaEaaD2CDRVg7IbmTQOWsXAOn:HRfJzcaEz/qzD2CDRbmTQOWCAOn

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

04c653a9551ea7cedcc949d26756e192.elf

Resource

debian9-armhf-en-20211208

debian-9-armhf

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  04c653a9551ea7cedcc949d26756e192.elf
- Size
  
  109KB
- MD5
  
  04c653a9551ea7cedcc949d26756e192
- SHA1
  
  7413002654c21133a914795c841e730cb426b803
- SHA256
  
  eb8f11ca0a3cc413fe89e259800c6b88a5c5c4856de058f5f31990b65767982f
- SHA512
  
  d04ce35603cde936d8b1bc6a02cfa34cdfb984879ce36727d73e2ebe05991ad7a02d913d5615edb16f74a3eaa6332a4dd88b8f7884ae4d838f25379d4d900aab
- SSDEEP
  
  3072:HRfJzb4aEz/qtymaEaaD2CDRVg7IbmTQOWsXAOn:HRfJzcaEz/qzD2CDRbmTQOWCAOn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy