gafgyt | a68d50b8a60f5d187d983e2d9d279e733651be2523be15a755530e65a46c8f94 | Triage

Submit
Reports

Overview

overview

Static

static

8caa442b45...92.elf

debian-9-mipsel

7

Sharing

Copy URL Twitter E-mail

General

Target

02ae8c4fc83a3b27ffa151b314e87fcb.bin
Size

49KB
Sample

230711-j59s3agf6v
MD5

52638e33ccafdc558d2d6c8f772e97e2
SHA1

7271b54f1d603d60989aac641ac0d28490e88a00
SHA256

a68d50b8a60f5d187d983e2d9d279e733651be2523be15a755530e65a46c8f94
SHA512

424d9af2cd923f008352099b21c12182393b07124bf9b34600f469c23b7b04861714a31fdaeecddf1df4da4bf8472542f018e51a737efff7d5e7c412239ef557
SSDEEP

1536:TvceKeNB8SCPx8cSNc5QcRmiNIhwCxBTa:bc+NB8z8a1miahwuTa

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8caa442b4596087ee8365af5780facb3357c5621bd98dc24f1a5ba82b7181492.elf

Resource

debian9-mipsel-20221111-en

debian-9-mipsel

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  8caa442b4596087ee8365af5780facb3357c5621bd98dc24f1a5ba82b7181492.elf
- Size
  
  151KB
- MD5
  
  02ae8c4fc83a3b27ffa151b314e87fcb
- SHA1
  
  32798f2517ec62c908eead0d1570f04443419b7b
- SHA256
  
  8caa442b4596087ee8365af5780facb3357c5621bd98dc24f1a5ba82b7181492
- SHA512
  
  3783ae60106297ee7155a17f1e35c7a299bf3128f68cefef669da6dfcb189ee51a152e23fe45c44643d142a969bbd126327bc50ea4b28bdd960e612b98aa311d
- SSDEEP
  
  3072:dgZc9h1jlnLA2PiXYeyCchVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZhVWDo9mrThPaLEnvP5
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy