gafgyt | f6bba7e9aec4605a11603ddd3bf6ccc4589505b700ce8a15444dc3a1a76f330b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

78032d1b18...a5.elf

debian-9-armhf

6

Sharing

General

Target

1e0751e538197735aec2639cccfabe43.bin
Size

67KB
Sample

231031-bsxc7shg86
MD5

bf0677ce9b50c0f8aa2c0a35e8260c32
SHA1

a8f6550575b494c14d5af28e3115ccf579aced15
SHA256

f6bba7e9aec4605a11603ddd3bf6ccc4589505b700ce8a15444dc3a1a76f330b
SHA512

0027adee5ea2a5aca6045c8f8bc23355db82d72c0612fbf6e35c9f7291c5781eacbb9dc93b3b5dd064a6f9ae9b9cd8403a2e8c3ac2f793430ab9650ecc4d6452
SSDEEP

1536:x+PPOy3XFSltHMWKtWNPZvr8E2pOB/a3qsD:x+P2yHFYKwNPZvrSEB/wD

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

78032d1b18047673e460ae768ed38f900d9f8cd85b81dcab42dfcb5cbb95a7a5.elf

Resource

debian9-armhf-20231026-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

178.218.146.89:12345

Targets

- Target
  
  78032d1b18047673e460ae768ed38f900d9f8cd85b81dcab42dfcb5cbb95a7a5.elf
- Size
  
  156KB
- MD5
  
  1e0751e538197735aec2639cccfabe43
- SHA1
  
  e3ab65e52c96dd84d750bce9b878247eaeb3d635
- SHA256
  
  78032d1b18047673e460ae768ed38f900d9f8cd85b81dcab42dfcb5cbb95a7a5
- SHA512
  
  f57b130450eb7184430d01ae329aa69f09c2d90d4c01dbb08af301261aad2d8bbb12698a95c69aace9e3cd0fe6ad7b43b22c325aa7fce5b0bf3f3154c8a04df0
- SSDEEP
  
  3072:f1g2iIFdVzqKA7Y6ISag0/RTqnyLRM/9lzNmFwfBxKQodn:tg2VFdVzBA7fISanxqnydM/9/mFwfBxE
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy