gafgyt | 024039043a51be6ea258fb8b77a943871b0681b3727b9855b1a894350db87014 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

6493b9559f...64aaab

ubuntu-18.04-amd64

7

Sharing

General

Target

6493b9559f5f48d8ae3b6a472664aaab
Size

122KB
Sample

231219-3exwcsaaf3
MD5

6493b9559f5f48d8ae3b6a472664aaab
SHA1

329b6b202808b9496e15006451b54d1edc6a19a2
SHA256

024039043a51be6ea258fb8b77a943871b0681b3727b9855b1a894350db87014
SHA512

5e03e74e8c52252d17c0ed36870f8922dbe74b4be85d5f4f2cb5e8e1702bef907af485d523b952ef4af632c5c8a72bf8ba365544e781418219c47009dbc21d35
SSDEEP

3072:F6RiwWjJZq3uDXThmketJ8add9QzTs3Qzmg4mKcXeGcgqqK:F6cTjhmketJ8addQhmg4mKcXdcgqqK

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6493b9559f5f48d8ae3b6a472664aaab

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

199.180.133.174:23

Targets

- Target
  
  6493b9559f5f48d8ae3b6a472664aaab
- Size
  
  122KB
- MD5
  
  6493b9559f5f48d8ae3b6a472664aaab
- SHA1
  
  329b6b202808b9496e15006451b54d1edc6a19a2
- SHA256
  
  024039043a51be6ea258fb8b77a943871b0681b3727b9855b1a894350db87014
- SHA512
  
  5e03e74e8c52252d17c0ed36870f8922dbe74b4be85d5f4f2cb5e8e1702bef907af485d523b952ef4af632c5c8a72bf8ba365544e781418219c47009dbc21d35
- SSDEEP
  
  3072:F6RiwWjJZq3uDXThmketJ8add9QzTs3Qzmg4mKcXeGcgqqK:F6cTjhmketJ8addQhmg4mKcXdcgqqK
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy