gafgyt | c8cad482a8b6eb6fbae20087206e4a0114bc987a4b60012ca4629dce7b9dd039 | Triage

Submit
Reports

Overview

overview

Static

static

27e85278a9...84d039

debian-9-armhf

7

Sharing

Copy URL Twitter E-mail

General

Target

27e85278a9c1727603aa0aab6684d039
Size

152KB
Sample

231219-2qmzvsgcc6
MD5

27e85278a9c1727603aa0aab6684d039
SHA1

aa71105614cc964ed47f9954ef2c5a4ef9f2149c
SHA256

c8cad482a8b6eb6fbae20087206e4a0114bc987a4b60012ca4629dce7b9dd039
SHA512

64b0cef522eda45b470a37502066126be04077769a510a821731a1a3199aac581a1f684e6459c960f5a129b0b2a4d1ecc615b10a38e1774d0e2784f1700526f3
SSDEEP

3072:yXTV17g6Cy++t/8teNSZJYbla+YaJJYD1yHpil6rkPE9GmyOEQrCUEGT:2TBSZGbla+Ya9piIkPwGmyOEQrCUEGT

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

27e85278a9c1727603aa0aab6684d039

Resource

debian9-armhf-20231215-en

debian-9-armhf

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  27e85278a9c1727603aa0aab6684d039
- Size
  
  152KB
- MD5
  
  27e85278a9c1727603aa0aab6684d039
- SHA1
  
  aa71105614cc964ed47f9954ef2c5a4ef9f2149c
- SHA256
  
  c8cad482a8b6eb6fbae20087206e4a0114bc987a4b60012ca4629dce7b9dd039
- SHA512
  
  64b0cef522eda45b470a37502066126be04077769a510a821731a1a3199aac581a1f684e6459c960f5a129b0b2a4d1ecc615b10a38e1774d0e2784f1700526f3
- SSDEEP
  
  3072:yXTV17g6Cy++t/8teNSZJYbla+YaJJYD1yHpil6rkPE9GmyOEQrCUEGT:2TBSZGbla+Ya9piIkPwGmyOEQrCUEGT
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy