gafgyt | 6b2c3b7e217939ddfe07bf5aa825c9f916664d1bcd76d38c2aaf2d490b752d9d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a2cada49c2...fb3709

debian-9-mips

6

Sharing

General

Target

a2cada49c2a0e2fdd36665db7bfb3709
Size

110KB
Sample

231220-me6v9sdca2
MD5

a2cada49c2a0e2fdd36665db7bfb3709
SHA1

12b09e2a3c3254066539fe41ecd74cbf8da4f209
SHA256

6b2c3b7e217939ddfe07bf5aa825c9f916664d1bcd76d38c2aaf2d490b752d9d
SHA512

0a1100b5ef37ebde11571335e1e795a23287549c45d870014fad64befc14d0cf71c63fa2901de3e5f8785e94df02f804df29abd437e2c03b978b88a39a2b3dd6
SSDEEP

1536:t7j+1T+Bq+bkYQw2rKVJW1i7ZLTv8LrGV6eiNo+4sFlR7CimWt0zFufCy/02vI:AUrx7ZHErGW2+4ulgimWOzFufJ02vI

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a2cada49c2a0e2fdd36665db7bfb3709

Resource

debian9-mipsbe-20231215-en

debian-9-mips

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

107.175.217.226:51351

Targets

- Target
  
  a2cada49c2a0e2fdd36665db7bfb3709
- Size
  
  110KB
- MD5
  
  a2cada49c2a0e2fdd36665db7bfb3709
- SHA1
  
  12b09e2a3c3254066539fe41ecd74cbf8da4f209
- SHA256
  
  6b2c3b7e217939ddfe07bf5aa825c9f916664d1bcd76d38c2aaf2d490b752d9d
- SHA512
  
  0a1100b5ef37ebde11571335e1e795a23287549c45d870014fad64befc14d0cf71c63fa2901de3e5f8785e94df02f804df29abd437e2c03b978b88a39a2b3dd6
- SSDEEP
  
  1536:t7j+1T+Bq+bkYQw2rKVJW1i7ZLTv8LrGV6eiNo+4sFlR7CimWt0zFufCy/02vI:AUrx7ZHErGW2+4ulgimWOzFufJ02vI
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy