gafgyt | 8df9c2b7bf085261e91c2ceae0c032b693721f5ba15b718b989129cad6c40024 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9fe5ea604e...86aabb

debian-9-mips

9

Sharing

General

Target

9fe5ea604ed3d4e68f75489ce286aabb
Size

199KB
Sample

231220-l494jscca6
MD5

9fe5ea604ed3d4e68f75489ce286aabb
SHA1

2639671a6bfce4bb16efdbdf2bbf2f1397d38390
SHA256

8df9c2b7bf085261e91c2ceae0c032b693721f5ba15b718b989129cad6c40024
SHA512

d5ed06934e902bfd6ea420a5dbc455508897006f01ccbbe4bdcc1c84c7490c07c48c76b0ecacb7581faf4f81d26fd7ae2b4a783d27ffc379a455ecf308cd4926
SSDEEP

3072:9hcxBZYmBqgTQ3xSdL76KIVT1i+YHx+QV5tVpk6chD3geyHiEo1yFNOBPWruMIlG:lgNogF9SOrcXgDDTlPWDyaejZh

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9fe5ea604ed3d4e68f75489ce286aabb

Resource

debian9-mipsbe-20231215-en

debian-9-mips

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  9fe5ea604ed3d4e68f75489ce286aabb
- Size
  
  199KB
- MD5
  
  9fe5ea604ed3d4e68f75489ce286aabb
- SHA1
  
  2639671a6bfce4bb16efdbdf2bbf2f1397d38390
- SHA256
  
  8df9c2b7bf085261e91c2ceae0c032b693721f5ba15b718b989129cad6c40024
- SHA512
  
  d5ed06934e902bfd6ea420a5dbc455508897006f01ccbbe4bdcc1c84c7490c07c48c76b0ecacb7581faf4f81d26fd7ae2b4a783d27ffc379a455ecf308cd4926
- SSDEEP
  
  3072:9hcxBZYmBqgTQ3xSdL76KIVT1i+YHx+QV5tVpk6chD3geyHiEo1yFNOBPWruMIlG:lgNogF9SOrcXgDDTlPWDyaejZh
Score

9^/10

discovery
- Contacts a large (45097) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.