gafgyt | 695f529b99a56c2796231e95bfcd8ec001b18267d602d67efc646f7dce44c264 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2c14fb5a5c...125604

ubuntu-18.04-amd64

9

Sharing

General

Target

2c14fb5a5ce3159107d36998a0125604
Size

124KB
Sample

231219-2r645adegj
MD5

2c14fb5a5ce3159107d36998a0125604
SHA1

dd7cb9eb4b6fd31a43022b551d6a1b42bbdca51e
SHA256

695f529b99a56c2796231e95bfcd8ec001b18267d602d67efc646f7dce44c264
SHA512

b2d16997264dbd8abcf6da0c23e67fe4e2b3158b91e3431fed9a54eca679232a57df2ba3e446b9582d9b56bc55bdb9188a75e89884e75b8929ba8a2dcbf4cc7b
SSDEEP

3072:EXK5gTpEEXRln17moxcQ+RxpusiG35ikhzD9oY4giAGaJpP:EXK5yEEXRdzc3OG35i+zD9oY4giAGaJ9

Score

10^/10

gafgyt discovery linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2c14fb5a5ce3159107d36998a0125604

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2c14fb5a5ce3159107d36998a0125604
- Size
  
  124KB
- MD5
  
  2c14fb5a5ce3159107d36998a0125604
- SHA1
  
  dd7cb9eb4b6fd31a43022b551d6a1b42bbdca51e
- SHA256
  
  695f529b99a56c2796231e95bfcd8ec001b18267d602d67efc646f7dce44c264
- SHA512
  
  b2d16997264dbd8abcf6da0c23e67fe4e2b3158b91e3431fed9a54eca679232a57df2ba3e446b9582d9b56bc55bdb9188a75e89884e75b8929ba8a2dcbf4cc7b
- SSDEEP
  
  3072:EXK5gTpEEXRln17moxcQ+RxpusiG35ikhzD9oY4giAGaJpP:EXK5yEEXRdzc3OG35i+zD9oY4giAGaJ9
Score

9^/10

discovery
- Contacts a large (70536) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy