gafgyt | 298dfab193d7b0de97f63d7de139b198c73b572a3c3385dfdc7ed1638145d487 | Triage

Submit
Reports

Overview

overview

Static

static

0b9ce873a4...9df599

debian-9-armhf

7

Sharing

General

Target

0b9ce873a4bf5aaa97d42f0e149df599
Size

132KB
Sample

231219-2dsdtagcdm
MD5

0b9ce873a4bf5aaa97d42f0e149df599
SHA1

b06103d4519373c0ea07926d5756949ee5d84282
SHA256

298dfab193d7b0de97f63d7de139b198c73b572a3c3385dfdc7ed1638145d487
SHA512

7dd459ac6f84e4ac5c21d8beb051d8ad3c3134cc2fbf19048b2104864e24907f517be2c47c4b76508450acd4e06b14b9cc775fd65da0b88d116e176c63d33872
SSDEEP

3072:Kf/Qn5pOO6KpMBr+p9nl1GNbPJ9A62Qv9ybcQ17YfDQNLBmQWOO:ggG5zcQv/Q17YfDQNLBmQWOO

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0b9ce873a4bf5aaa97d42f0e149df599

Resource

debian9-armhf-20231215-en

debian-9-armhf

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  0b9ce873a4bf5aaa97d42f0e149df599
- Size
  
  132KB
- MD5
  
  0b9ce873a4bf5aaa97d42f0e149df599
- SHA1
  
  b06103d4519373c0ea07926d5756949ee5d84282
- SHA256
  
  298dfab193d7b0de97f63d7de139b198c73b572a3c3385dfdc7ed1638145d487
- SHA512
  
  7dd459ac6f84e4ac5c21d8beb051d8ad3c3134cc2fbf19048b2104864e24907f517be2c47c4b76508450acd4e06b14b9cc775fd65da0b88d116e176c63d33872
- SSDEEP
  
  3072:Kf/Qn5pOO6KpMBr+p9nl1GNbPJ9A62Qv9ybcQ17YfDQNLBmQWOO:ggG5zcQv/Q17YfDQNLBmQWOO
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy