gafgyt | 54476f3c59642eec25e8c1d1029ba44a5cb266432bd77d8213d5a2cc87432f2d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

688a985d75...eee121

debian-9-armhf

6

Sharing

General

Target

688a985d75e80909f96e7724b5eee121
Size

108KB
Sample

231219-3gcyzafhen
MD5

688a985d75e80909f96e7724b5eee121
SHA1

a2eb98c92eb73b0214d9542a1bf3f242c0634db5
SHA256

54476f3c59642eec25e8c1d1029ba44a5cb266432bd77d8213d5a2cc87432f2d
SHA512

08d5e0667d37aa9f289b571c0c3cf7c4bd75791629c94643d6490d6a8304267f59b61c5bceb353d5f2d97fbd3a4299fc16acf309d6fbce754d9c1ed07a5e148f
SSDEEP

3072:b6an17WtsWhdgYJw0D6mbPbmTQOWsXAOn:Wan17WPJw0D6ibmTQOWCAOn

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

688a985d75e80909f96e7724b5eee121

Resource

debian9-armhf-20231215-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

80.211.172.24:818

Targets

- Target
  
  688a985d75e80909f96e7724b5eee121
- Size
  
  108KB
- MD5
  
  688a985d75e80909f96e7724b5eee121
- SHA1
  
  a2eb98c92eb73b0214d9542a1bf3f242c0634db5
- SHA256
  
  54476f3c59642eec25e8c1d1029ba44a5cb266432bd77d8213d5a2cc87432f2d
- SHA512
  
  08d5e0667d37aa9f289b571c0c3cf7c4bd75791629c94643d6490d6a8304267f59b61c5bceb353d5f2d97fbd3a4299fc16acf309d6fbce754d9c1ed07a5e148f
- SSDEEP
  
  3072:b6an17WtsWhdgYJw0D6mbPbmTQOWsXAOn:Wan17WPJw0D6ibmTQOWCAOn
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy