gafgyt | 95424b9917e28a4e25dcd3d0f72a38e41590d9d126655e52bcca59e2409517fd | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

885ca300b9...13d55f

debian-9-armhf

6

Sharing

General

Target

885ca300b9e1a5c3e546082eb913d55f
Size

147KB
Sample

231220-gcbdpahbh8
MD5

885ca300b9e1a5c3e546082eb913d55f
SHA1

ac354947aaa792087d3d179eea024e8540a41537
SHA256

95424b9917e28a4e25dcd3d0f72a38e41590d9d126655e52bcca59e2409517fd
SHA512

e2937d1dcf0dd0efe0b8d6db21cee9a5fcbaf5c229fbde193bd0b450264615504b0324aa0c598cc36c0a5ad720930008136931f49754d72a9feacf6722ccdf6b
SSDEEP

3072:jXSJRLX5Z953MNaNBkB/N6uNQ8M/9YDppN1mQwfCcQMAN:DSJRLP9BMNa8hN6ajM/9YDptmQwfCzMq

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

885ca300b9e1a5c3e546082eb913d55f

Resource

debian9-armhf-20231215-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

87.236.212.240:666

Targets

- Target
  
  885ca300b9e1a5c3e546082eb913d55f
- Size
  
  147KB
- MD5
  
  885ca300b9e1a5c3e546082eb913d55f
- SHA1
  
  ac354947aaa792087d3d179eea024e8540a41537
- SHA256
  
  95424b9917e28a4e25dcd3d0f72a38e41590d9d126655e52bcca59e2409517fd
- SHA512
  
  e2937d1dcf0dd0efe0b8d6db21cee9a5fcbaf5c229fbde193bd0b450264615504b0324aa0c598cc36c0a5ad720930008136931f49754d72a9feacf6722ccdf6b
- SSDEEP
  
  3072:jXSJRLX5Z953MNaNBkB/N6uNQ8M/9YDppN1mQwfCcQMAN:DSJRLP9BMNa8hN6ajM/9YDptmQwfCzMq
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy