gafgyt | e4fe2403a9219697a38d98cef7ea15502cae486a1f9487709ffdf6cb97ef73c9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

060e6c1355...66f18d

debian-9-armhf

9

Sharing

General

Target

060e6c1355f31fd4768b9c19aa66f18d
Size

235KB
Sample

231219-2blhgsaec7
MD5

060e6c1355f31fd4768b9c19aa66f18d
SHA1

e46d91d1b4969a3fc610563b1a636077169003d8
SHA256

e4fe2403a9219697a38d98cef7ea15502cae486a1f9487709ffdf6cb97ef73c9
SHA512

5945ef48cd0059f79bcb127cee994f76c0d93b5636cb1d4fa88ccb8cb67497febfbdbb205d33819d990b8cdc9e41ebbfd7a9af866af32e34c37ffecfa14d74f3
SSDEEP

6144:Z2RXM2tRNa+VqIYd0thgUQbWkIM/95uQWm/5k4yFTbQWr:Z2R82tRNa+VqIYdJnRx/vuQWm/5k4UTR

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

060e6c1355f31fd4768b9c19aa66f18d

Resource

debian9-armhf-20231215-en

debian-9-armhf

6 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

127.0.0.1:80

Targets

- Target
  
  060e6c1355f31fd4768b9c19aa66f18d
- Size
  
  235KB
- MD5
  
  060e6c1355f31fd4768b9c19aa66f18d
- SHA1
  
  e46d91d1b4969a3fc610563b1a636077169003d8
- SHA256
  
  e4fe2403a9219697a38d98cef7ea15502cae486a1f9487709ffdf6cb97ef73c9
- SHA512
  
  5945ef48cd0059f79bcb127cee994f76c0d93b5636cb1d4fa88ccb8cb67497febfbdbb205d33819d990b8cdc9e41ebbfd7a9af866af32e34c37ffecfa14d74f3
- SSDEEP
  
  6144:Z2RXM2tRNa+VqIYd0thgUQbWkIM/95uQWm/5k4yFTbQWr:Z2R82tRNa+VqIYdJnRx/vuQWm/5k4UTR
Score

9^/10

discovery
- Contacts a large (323755) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy