gafgyt | 381db69de5281fe22e996eaf5d6937f6bef00990bbdd01d12b711560f4f0915c | Triage

Submit
Reports

Overview

overview

Static

static

29dbbf7c96...a588fb

debian-9-mips

7

Sharing

General

Target

29dbbf7c9619e2d750f6d65207a588fb
Size

222KB
Sample

231219-2rcwaadbgn
MD5

29dbbf7c9619e2d750f6d65207a588fb
SHA1

37b55a46e25d40591d2f69f883a305a7d2d77068
SHA256

381db69de5281fe22e996eaf5d6937f6bef00990bbdd01d12b711560f4f0915c
SHA512

5c2beb232573efd64b6ce704982a45c29453c9116625c4866629eafd43b87da6ee37f18c18c1686a7cf3f0d8bbe1507539101113cfd994fb1ebde572c290c388
SSDEEP

3072:9Z97EGKs+rI+Ecjo1yFDsvI5OIH5He/kA3m70zeaFOwGQcYK:bzJ+s6ogFwAn5Huj3m70zeaFOwGQcYK

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

29dbbf7c9619e2d750f6d65207a588fb

Resource

debian9-mipsbe-20231215-en

debian-9-mips

6 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

127.0.0.1:7547

Targets

- Target
  
  29dbbf7c9619e2d750f6d65207a588fb
- Size
  
  222KB
- MD5
  
  29dbbf7c9619e2d750f6d65207a588fb
- SHA1
  
  37b55a46e25d40591d2f69f883a305a7d2d77068
- SHA256
  
  381db69de5281fe22e996eaf5d6937f6bef00990bbdd01d12b711560f4f0915c
- SHA512
  
  5c2beb232573efd64b6ce704982a45c29453c9116625c4866629eafd43b87da6ee37f18c18c1686a7cf3f0d8bbe1507539101113cfd994fb1ebde572c290c388
- SSDEEP
  
  3072:9Z97EGKs+rI+Ecjo1yFDsvI5OIH5He/kA3m70zeaFOwGQcYK:bzJ+s6ogFwAn5Huj3m70zeaFOwGQcYK
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy