gafgyt | 4f9e162882aa0d8619c7d8f391075d29bf656e943ea9eed7ef7a586dbbc59842 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

774c83dc5d...944dd2

debian-9-mips

9

Sharing

General

Target

774c83dc5d3445606dd21463e6944dd2
Size

211KB
Sample

231220-bfgrzsgeh7
MD5

774c83dc5d3445606dd21463e6944dd2
SHA1

118852631b0d7ed83e65b2a6f8224740e7443ef4
SHA256

4f9e162882aa0d8619c7d8f391075d29bf656e943ea9eed7ef7a586dbbc59842
SHA512

851ebfa3269b54fd85df8d2bedb4580c0016f7683b443553bf8a0f3e7e72cf48662e962185b44cfb3ec6dc504a622eb4b6b5fa6d3fdf6725200353d8235dd9ec
SSDEEP

3072:fhahz/4OQTeCJllo1yFIUEPM7V7Fqm7e1H1TXhkmU8h2aAOJHJZNJ:QFC1ogF5pU1H1rhkmU8h2aAOJHJZNJ

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

774c83dc5d3445606dd21463e6944dd2

Resource

debian9-mipsbe-20231215-en

debian-9-mips

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  774c83dc5d3445606dd21463e6944dd2
- Size
  
  211KB
- MD5
  
  774c83dc5d3445606dd21463e6944dd2
- SHA1
  
  118852631b0d7ed83e65b2a6f8224740e7443ef4
- SHA256
  
  4f9e162882aa0d8619c7d8f391075d29bf656e943ea9eed7ef7a586dbbc59842
- SHA512
  
  851ebfa3269b54fd85df8d2bedb4580c0016f7683b443553bf8a0f3e7e72cf48662e962185b44cfb3ec6dc504a622eb4b6b5fa6d3fdf6725200353d8235dd9ec
- SSDEEP
  
  3072:fhahz/4OQTeCJllo1yFIUEPM7V7Fqm7e1H1TXhkmU8h2aAOJHJZNJ:QFC1ogF5pU1H1rhkmU8h2aAOJHJZNJ
Score

9^/10

discovery
- Contacts a large (50158) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy