gafgyt | 0763544d14fc47dcfdd1a36398f0e22f50a7b57b893cf263cbed17fc0d78d9ad | Triage

Submit
Reports

Overview

overview

Static

static

863809222a...acd396

ubuntu-18.04-amd64

9

Sharing

Copy URL Twitter E-mail

General

Target

863809222a4251995f076448a3acd396
Size

140KB
Sample

231220-fq8qnschfj
MD5

863809222a4251995f076448a3acd396
SHA1

957fadc0aa67fd6108cfb6dd994de3d5592ae5ec
SHA256

0763544d14fc47dcfdd1a36398f0e22f50a7b57b893cf263cbed17fc0d78d9ad
SHA512

80e3a30c8662a8d17e3fe1878d08b2aaba309d2c9e84f5a04424dbdcff9855662e989827d106c9523d80f7bfe235f0b1c1b1d6d42e8707ae2cd05724429e125a
SSDEEP

3072:ezwFzskMXc8TfskyCBkIOVPem4MSRMWRqDA6Dcoixgr1TkM3Q:eGMXxJyCbOIdVgDcoixgr1TkM3Q

Score

10^/10

gafgyt discovery linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

863809222a4251995f076448a3acd396

Resource

ubuntu1804-amd64-20231215-en

ubuntu-18.04-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  863809222a4251995f076448a3acd396
- Size
  
  140KB
- MD5
  
  863809222a4251995f076448a3acd396
- SHA1
  
  957fadc0aa67fd6108cfb6dd994de3d5592ae5ec
- SHA256
  
  0763544d14fc47dcfdd1a36398f0e22f50a7b57b893cf263cbed17fc0d78d9ad
- SHA512
  
  80e3a30c8662a8d17e3fe1878d08b2aaba309d2c9e84f5a04424dbdcff9855662e989827d106c9523d80f7bfe235f0b1c1b1d6d42e8707ae2cd05724429e125a
- SSDEEP
  
  3072:ezwFzskMXc8TfskyCBkIOVPem4MSRMWRqDA6Dcoixgr1TkM3Q:eGMXxJyCbOIdVgDcoixgr1TkM3Q
Score

9^/10

discovery
- Contacts a large (71482) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy