gafgyt | cbd471a4ad96ad6016036e0295490ed833905fa2de4bd52dd6e8875b5d103b73 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

813d637ec2...e61b87

ubuntu-18.04-amd64

7

Sharing

General

Target

813d637ec255781399bc651bc1e61b87
Size

98KB
Sample

231220-d4appaacgp
MD5

813d637ec255781399bc651bc1e61b87
SHA1

f0507a59c9d52c334cbd1a922682cb469d431260
SHA256

cbd471a4ad96ad6016036e0295490ed833905fa2de4bd52dd6e8875b5d103b73
SHA512

fc26a25677f7005e55b8df5ddd1d5015dce8cfd2c7fe34e6535d71e9a2d980a1d93065cd06d04094b2d7bf59d7e1e6425490987407a996a164f73c3c59e1f6aa
SSDEEP

3072:K3Z7pJf6yG2i5HLdnxYMK9nCdsm4KKcXuGggYBK:AsDxhdxYlCKm4KKcXNggYBK

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

813d637ec255781399bc651bc1e61b87

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

102.165.48.81:17769

Targets

- Target
  
  813d637ec255781399bc651bc1e61b87
- Size
  
  98KB
- MD5
  
  813d637ec255781399bc651bc1e61b87
- SHA1
  
  f0507a59c9d52c334cbd1a922682cb469d431260
- SHA256
  
  cbd471a4ad96ad6016036e0295490ed833905fa2de4bd52dd6e8875b5d103b73
- SHA512
  
  fc26a25677f7005e55b8df5ddd1d5015dce8cfd2c7fe34e6535d71e9a2d980a1d93065cd06d04094b2d7bf59d7e1e6425490987407a996a164f73c3c59e1f6aa
- SSDEEP
  
  3072:K3Z7pJf6yG2i5HLdnxYMK9nCdsm4KKcXuGggYBK:AsDxhdxYlCKm4KKcXNggYBK
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy