gafgyt | 949c54251bafe79c36d42ffa548e4e977be5c2595ff0e1f57ef0229d8a1a1b0b | Triage

Submit
Reports

Overview

overview

Static

static

3f505762f4...1dd160

debian-9-mips

7

Sharing

Copy URL Twitter E-mail

General

Target

3f505762f418ac7e71e5a74b871dd160
Size

154KB
Sample

231219-21efgacbf5
MD5

3f505762f418ac7e71e5a74b871dd160
SHA1

d952dce176ba42d3fec1bb2128ecd8c1a727ba64
SHA256

949c54251bafe79c36d42ffa548e4e977be5c2595ff0e1f57ef0229d8a1a1b0b
SHA512

174ba76d6a309ed7a217c34d640cb6404c16a9bf997fb61c2c44bfa6c0a7e3f13b6e1ee69486e517d56cab3d109d10f8783d989b91323896d051ae1ce7f75c96
SSDEEP

3072:3JsLB+MJZCV8tF/j9/Z9TBH+mwnmw6DLeTeWDEi+79Ng:GLBxRBqmwn2DLeTeWDEi+79Ng

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3f505762f418ac7e71e5a74b871dd160

Resource

debian9-mipsbe-20231215-en

debian-9-mips

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  3f505762f418ac7e71e5a74b871dd160
- Size
  
  154KB
- MD5
  
  3f505762f418ac7e71e5a74b871dd160
- SHA1
  
  d952dce176ba42d3fec1bb2128ecd8c1a727ba64
- SHA256
  
  949c54251bafe79c36d42ffa548e4e977be5c2595ff0e1f57ef0229d8a1a1b0b
- SHA512
  
  174ba76d6a309ed7a217c34d640cb6404c16a9bf997fb61c2c44bfa6c0a7e3f13b6e1ee69486e517d56cab3d109d10f8783d989b91323896d051ae1ce7f75c96
- SSDEEP
  
  3072:3JsLB+MJZCV8tF/j9/Z9TBH+mwnmw6DLeTeWDEi+79Ng:GLBxRBqmwn2DLeTeWDEi+79Ng
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy