gafgyt | feaf9566c04f81df2a33bb8a824fb7d309f9b650b9ef0b46071c8e83dad2d1df | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

435ebc48a8...806ba0

debian-9-armhf

7

Sharing

General

Target

435ebc48a8067d951ea6f8edd2806ba0
Size

191KB
Sample

231219-22xcnshegl
MD5

435ebc48a8067d951ea6f8edd2806ba0
SHA1

910b1740eb3df36d0ca495fd181341975ab10b5a
SHA256

feaf9566c04f81df2a33bb8a824fb7d309f9b650b9ef0b46071c8e83dad2d1df
SHA512

e522b5bce7f37c02572838e9db1eaead51a0685a7218ec545e66e6d9d9978e2148b09e9964074e5d3d89f3114fc0c44e109d0317acdee855b2ee6dd7c3e635b5
SSDEEP

3072:uGPP4rGXq11zXqwL5SYNZf1t3aLUUGPNhibtNf8eNgJs12Zhvc5PsEsEUxxQLSJa:usPa/KH4N9OIb8boZCQ9gOS1SeX

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

435ebc48a8067d951ea6f8edd2806ba0

Resource

debian9-armhf-20231215-en

debian-9-armhf

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

45.76.4.186:23

Targets

- Target
  
  435ebc48a8067d951ea6f8edd2806ba0
- Size
  
  191KB
- MD5
  
  435ebc48a8067d951ea6f8edd2806ba0
- SHA1
  
  910b1740eb3df36d0ca495fd181341975ab10b5a
- SHA256
  
  feaf9566c04f81df2a33bb8a824fb7d309f9b650b9ef0b46071c8e83dad2d1df
- SHA512
  
  e522b5bce7f37c02572838e9db1eaead51a0685a7218ec545e66e6d9d9978e2148b09e9964074e5d3d89f3114fc0c44e109d0317acdee855b2ee6dd7c3e635b5
- SSDEEP
  
  3072:uGPP4rGXq11zXqwL5SYNZf1t3aLUUGPNhibtNf8eNgJs12Zhvc5PsEsEUxxQLSJa:usPa/KH4N9OIb8boZCQ9gOS1SeX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy