gafgyt | 18d175a677aea43ae7aeac4d2533819f314abce6447d9fe90e6e77ea035639f4 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0017600983...88bc2b

debian-9-mips

7

Sharing

General

Target

00176009837046cf869c0933a488bc2b
Size

234KB
Sample

231219-19myjaeebq
MD5

00176009837046cf869c0933a488bc2b
SHA1

2b961628a604632b289d6346d3838b9eb9e9b572
SHA256

18d175a677aea43ae7aeac4d2533819f314abce6447d9fe90e6e77ea035639f4
SHA512

75e24fa0bdc75ff02284683d1925620f669b2fceb1f63ca14aa6028a6267c06a3c528c6e982a6140d78a95f4e799145f623d8f35e9d56e10dc6b91b07c4b7393
SSDEEP

3072:pGrWCHDRpQBRtCeD29Fri1YKjqR/49qHEkuOSX:kTtOBuei98ZqR/49qHEkuOSX

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

00176009837046cf869c0933a488bc2b

Resource

debian9-mipsbe-20231215-en

debian-9-mips

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

68.183.114.201:23

Targets

- Target
  
  00176009837046cf869c0933a488bc2b
- Size
  
  234KB
- MD5
  
  00176009837046cf869c0933a488bc2b
- SHA1
  
  2b961628a604632b289d6346d3838b9eb9e9b572
- SHA256
  
  18d175a677aea43ae7aeac4d2533819f314abce6447d9fe90e6e77ea035639f4
- SHA512
  
  75e24fa0bdc75ff02284683d1925620f669b2fceb1f63ca14aa6028a6267c06a3c528c6e982a6140d78a95f4e799145f623d8f35e9d56e10dc6b91b07c4b7393
- SSDEEP
  
  3072:pGrWCHDRpQBRtCeD29Fri1YKjqR/49qHEkuOSX:kTtOBuei98ZqR/49qHEkuOSX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy