gafgyt | f3a1e42c16c9528cb68a1d35bb5a393e0e6bacb192f11e4a9951a2ed8ca491b0 | Triage

Submit
Reports

Overview

overview

Static

static

efc9d4805c...a8.elf

debian-9-mips

7

Sharing

Copy URL Twitter E-mail

General

Target

efc9d4805c525173f17f59484bbebca8.elf
Size

151KB
Sample

231116-hgxcdshc6v
MD5

efc9d4805c525173f17f59484bbebca8
SHA1

b1757eb4d22fe79bca4b5b78bb6f941e5eb345e0
SHA256

f3a1e42c16c9528cb68a1d35bb5a393e0e6bacb192f11e4a9951a2ed8ca491b0
SHA512

faeb537e0f03d981a0182897f98772841fc56e3def4e16a7eb3b8e9a7f869607061f70a85c0329b61154fcd080132862fdad6567394ab4c4ad8f854f746dcff6
SSDEEP

3072:JW6dm9tS1aRGQdK76t/zCuI5mrThPaLEnvPrNb:c6IG+LC/mrThPaLEnvPrNb

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

efc9d4805c525173f17f59484bbebca8.elf

Resource

debian9-mipsbe-20231026-en

debian-9-mips

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  efc9d4805c525173f17f59484bbebca8.elf
- Size
  
  151KB
- MD5
  
  efc9d4805c525173f17f59484bbebca8
- SHA1
  
  b1757eb4d22fe79bca4b5b78bb6f941e5eb345e0
- SHA256
  
  f3a1e42c16c9528cb68a1d35bb5a393e0e6bacb192f11e4a9951a2ed8ca491b0
- SHA512
  
  faeb537e0f03d981a0182897f98772841fc56e3def4e16a7eb3b8e9a7f869607061f70a85c0329b61154fcd080132862fdad6567394ab4c4ad8f854f746dcff6
- SSDEEP
  
  3072:JW6dm9tS1aRGQdK76t/zCuI5mrThPaLEnvPrNb:c6IG+LC/mrThPaLEnvPrNb
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy