gafgyt | 0109db3a9eb3534d4e64b511f7175048d95a1a45d6fdb462ee8870e29e55acd8 | Triage

Submit
Reports

Overview

overview

Static

static

4a9d833d55...4e3526

debian-9-mips

9

Sharing

General

Target

4a9d833d550ff6f4cdfa2b91a54e3526
Size

226KB
Sample

231219-25jkzsdhf8
MD5

4a9d833d550ff6f4cdfa2b91a54e3526
SHA1

e52cc45266d8e91c2f54ddd1f8d87b026bf77c6d
SHA256

0109db3a9eb3534d4e64b511f7175048d95a1a45d6fdb462ee8870e29e55acd8
SHA512

27b787a4c22fbd785923492c69fa76c9c614ad7ce9d1ec8fb870733f1acbbbd612490004fb14fedf80cecb654dd179b0c328c05dc19b6099aa10632961bd9365
SSDEEP

6144:rrkjUUWqMTFogF4rWx9K2zD6TltWDyL/4H+:pogF4ixQoD6TltWDyL/4H+

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4a9d833d550ff6f4cdfa2b91a54e3526

Resource

debian9-mipsbe-20231215-en

debian-9-mips

6 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

127.0.0.1:7547

Targets

- Target
  
  4a9d833d550ff6f4cdfa2b91a54e3526
- Size
  
  226KB
- MD5
  
  4a9d833d550ff6f4cdfa2b91a54e3526
- SHA1
  
  e52cc45266d8e91c2f54ddd1f8d87b026bf77c6d
- SHA256
  
  0109db3a9eb3534d4e64b511f7175048d95a1a45d6fdb462ee8870e29e55acd8
- SHA512
  
  27b787a4c22fbd785923492c69fa76c9c614ad7ce9d1ec8fb870733f1acbbbd612490004fb14fedf80cecb654dd179b0c328c05dc19b6099aa10632961bd9365
- SSDEEP
  
  6144:rrkjUUWqMTFogF4rWx9K2zD6TltWDyL/4H+:pogF4ixQoD6TltWDyL/4H+
Score

9^/10

discovery
- Contacts a large (161874) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy