gafgyt | cf6a1c185ba06df8b6ba2a4ec054973f310624cf6e46efa45749e0d92d22250b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

0abdd24c6b...cba430

debian-9-mips

7

Sharing

General

Target

0abdd24c6b76e897a34c61584ecba430
Size

253KB
Sample

231219-2dfp1sbcg6
MD5

0abdd24c6b76e897a34c61584ecba430
SHA1

d3007c28e61d54fd44822a9473c35c7816c28b17
SHA256

cf6a1c185ba06df8b6ba2a4ec054973f310624cf6e46efa45749e0d92d22250b
SHA512

0d2dc2864127a0997bc9d53adb9529cdadb2fa9c4b31f4a51e81a46220f0dbc810b126eb87a2d25a57c7bbcf8ce1e81b704de813e7c0713dce2c4471a7b85326
SSDEEP

6144:ngCo+zvGEtv6RxIcgvv/m1drLbI85f7kuCrlSP:ztyOvv/m1drLbI85f7kuCrlSP

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0abdd24c6b76e897a34c61584ecba430

Resource

debian9-mipsbe-20231215-en

debian-9-mips

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

206.189.167.201:2222

Targets

- Target
  
  0abdd24c6b76e897a34c61584ecba430
- Size
  
  253KB
- MD5
  
  0abdd24c6b76e897a34c61584ecba430
- SHA1
  
  d3007c28e61d54fd44822a9473c35c7816c28b17
- SHA256
  
  cf6a1c185ba06df8b6ba2a4ec054973f310624cf6e46efa45749e0d92d22250b
- SHA512
  
  0d2dc2864127a0997bc9d53adb9529cdadb2fa9c4b31f4a51e81a46220f0dbc810b126eb87a2d25a57c7bbcf8ce1e81b704de813e7c0713dce2c4471a7b85326
- SSDEEP
  
  6144:ngCo+zvGEtv6RxIcgvv/m1drLbI85f7kuCrlSP:ztyOvv/m1drLbI85f7kuCrlSP
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy