gafgyt | 8fe263c05b347c96f9ba8605ae1b5b386a9f4be51396a47e5b383ebd82fb1937 | Triage

Submit
Reports

Overview

overview

Static

static

70b073cf0c...0dbbdf

debian-9-mipsel

9

Sharing

General

Target

70b073cf0cf0411316fbbfe8400dbbdf
Size

199KB
Sample

231220-acbacsaeam
MD5

70b073cf0cf0411316fbbfe8400dbbdf
SHA1

1afa18d713a4f526e6039b620415be274591d015
SHA256

8fe263c05b347c96f9ba8605ae1b5b386a9f4be51396a47e5b383ebd82fb1937
SHA512

f613c3e3d1625fbc08594e2bc3f2338e71a50bdf6647ef2ee27427d3c526822e55955c3435bf90883b4dee5290cb86389cf429c72a39c847742e21622042cc22
SSDEEP

3072:ooIR900aTESn9teFTmlaIRvOHDDTlPWDyaejZh:oowVSeFTmvKDDTlPWDyaejZh

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

70b073cf0cf0411316fbbfe8400dbbdf

Resource

debian9-mipsel-20231215-en

debian-9-mipsel

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  70b073cf0cf0411316fbbfe8400dbbdf
- Size
  
  199KB
- MD5
  
  70b073cf0cf0411316fbbfe8400dbbdf
- SHA1
  
  1afa18d713a4f526e6039b620415be274591d015
- SHA256
  
  8fe263c05b347c96f9ba8605ae1b5b386a9f4be51396a47e5b383ebd82fb1937
- SHA512
  
  f613c3e3d1625fbc08594e2bc3f2338e71a50bdf6647ef2ee27427d3c526822e55955c3435bf90883b4dee5290cb86389cf429c72a39c847742e21622042cc22
- SSDEEP
  
  3072:ooIR900aTESn9teFTmlaIRvOHDDTlPWDyaejZh:oowVSeFTmvKDDTlPWDyaejZh
Score

9^/10

discovery
- Contacts a large (67812) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy