gafgyt | 9f98d39caccd6dbb588a802cc4ecc419[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

9f98d39caccd6dbb588a802cc4ecc419.bin
Size

48KB
MD5

3694254f4c3b2fc47254cc1c11a2477a
SHA1

bd9a353f93378dcbf5c147773490bc19ffe72387
SHA256

1ca975a83734d07364f7a6f83da992a3eaa6239065af12a6e03e6ddfc5726225
SHA512

5b763963d12ad99c05788b64bf3a5dd6c157ba7452e414f60301d57f59587587deac48c0fc395fb69e2f6fc561b8b7edf218803f22b73657fdf4b1c9ed6570cf
SSDEEP

1536:DeWvGD0XvxpEN4aYBcFdTuzkRVaLnzGm5:BvGDyxpLcbTaLzGm5

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

139.177.202.27:23

Signatures

Detected Gafgyt variant 1 IoCs

resource	yara_rule
static1/unpack001/f5d84e6beec187cecf663ac96713dc1ee2438227a179d4f7ee111d40f544a8e3.elf	family_gafgyt

Gafgyt family
gafgyt

Files

9f98d39caccd6dbb588a802cc4ecc419.bin
.zip

Password: infected
f5d84e6beec187cecf663ac96713dc1ee2438227a179d4f7ee111d40f544a8e3.elf
.elf linux mipsbe