gafgyt | 5378af55452d8185b760bd834a2461e53afa8a8648ef7f7fe722f98a63df08aa | Triage

Submit
Reports

Overview

overview

Static

static

7b390233c7...e0a64d

debian-9-mipsel

9

Sharing

General

Target

7b390233c770250053080384b3e0a64d
Size

234KB
Sample

231220-b75ywsadb2
MD5

7b390233c770250053080384b3e0a64d
SHA1

6e73e44707cac3e0109c594dfee0e5900dff7017
SHA256

5378af55452d8185b760bd834a2461e53afa8a8648ef7f7fe722f98a63df08aa
SHA512

02a96d2d47e2949a1cfbcfdc8884657c5a7f7b1e6b8566ee50171ee3e1ce4092122be038abae672cf80bca6488fc5551aa2d7bb9157b5d6b2145e8618bd9dbe2
SSDEEP

3072:LlpaqZ4AkofAAu6HEHu9KAD6TluWDQvMRI2:LlpaqZ4AjYJ6kHED6TluWDQvMRI2

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7b390233c770250053080384b3e0a64d

Resource

debian9-mipsel-20231215-en

debian-9-mipsel

6 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

127.0.0.1:80

Targets

- Target
  
  7b390233c770250053080384b3e0a64d
- Size
  
  234KB
- MD5
  
  7b390233c770250053080384b3e0a64d
- SHA1
  
  6e73e44707cac3e0109c594dfee0e5900dff7017
- SHA256
  
  5378af55452d8185b760bd834a2461e53afa8a8648ef7f7fe722f98a63df08aa
- SHA512
  
  02a96d2d47e2949a1cfbcfdc8884657c5a7f7b1e6b8566ee50171ee3e1ce4092122be038abae672cf80bca6488fc5551aa2d7bb9157b5d6b2145e8618bd9dbe2
- SSDEEP
  
  3072:LlpaqZ4AkofAAu6HEHu9KAD6TluWDQvMRI2:LlpaqZ4AjYJ6kHED6TluWDQvMRI2
Score

9^/10

discovery
- Contacts a large (314018) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy