gafgyt | 903a01e77c022de49a4b0caded85093d2738df1825c19decaedcedc8cd000829 | Triage

Submit
Reports

Overview

overview

Static

static

5c8f2b0527...dddc52

debian-9-armhf

7

Sharing

General

Target

5c8f2b05272a131055fc6384ffdddc52
Size

152KB
Sample

231219-3bycqadggl
MD5

5c8f2b05272a131055fc6384ffdddc52
SHA1

616d59fab5cfaa26aa981e58c4b1559aeeff0a8b
SHA256

903a01e77c022de49a4b0caded85093d2738df1825c19decaedcedc8cd000829
SHA512

38b525c21235391d0b13e589d273e8b239c2f089155af3967c4ef6542349d126966fbff8c6f6ced77fcc8ca52b9e4bd648f7ac9a8edd02805156a08a415bafd7
SSDEEP

3072:yXTV17g6Cy++t/8teNSZJYbla+YaJJYD1yHpiT6rkPE9GmyOEQrCUEGT:2TBSZGbla+Ya9pimkPwGmyOEQrCUEGT

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5c8f2b05272a131055fc6384ffdddc52

Resource

debian9-armhf-20231215-en

debian-9-armhf

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  5c8f2b05272a131055fc6384ffdddc52
- Size
  
  152KB
- MD5
  
  5c8f2b05272a131055fc6384ffdddc52
- SHA1
  
  616d59fab5cfaa26aa981e58c4b1559aeeff0a8b
- SHA256
  
  903a01e77c022de49a4b0caded85093d2738df1825c19decaedcedc8cd000829
- SHA512
  
  38b525c21235391d0b13e589d273e8b239c2f089155af3967c4ef6542349d126966fbff8c6f6ced77fcc8ca52b9e4bd648f7ac9a8edd02805156a08a415bafd7
- SSDEEP
  
  3072:yXTV17g6Cy++t/8teNSZJYbla+YaJJYD1yHpiT6rkPE9GmyOEQrCUEGT:2TBSZGbla+Ya9pimkPwGmyOEQrCUEGT
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy