gafgyt | fea7c396f754d0bdeceb5b12a89d4cf37ab1a95556a63111577ce86076f9ea86 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

a507c28370...fe0daa

debian-9-armhf

6

Sharing

General

Target

a507c283700ca74bc4ddd0fb4dfe0daa
Size

95KB
Sample

231220-mq923aahhl
MD5

a507c283700ca74bc4ddd0fb4dfe0daa
SHA1

20ab25198750677e7f2ae15aa799956244fff2ae
SHA256

fea7c396f754d0bdeceb5b12a89d4cf37ab1a95556a63111577ce86076f9ea86
SHA512

a1373d34e71b2fc2d7195c377a13b7c47fde2abc33f8e0464c7566390b5b8ffa780ff046082c10d73faffc7f6fd6786d52a9cbf62b539180b7d205c6bf35a447
SSDEEP

1536:v2G7IuzVxAf2I9K25Ux5O8KXQeYNWAvOhi2t1sSPnfRhtPTHl/mqzgrQxFWOBX8u:NIuDK5UeX0lOhiMPn5h5l/magrQxFxBJ

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a507c283700ca74bc4ddd0fb4dfe0daa

Resource

debian9-armhf-20231215-en

debian-9-armhf

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

80.211.82.185:61271

Targets

- Target
  
  a507c283700ca74bc4ddd0fb4dfe0daa
- Size
  
  95KB
- MD5
  
  a507c283700ca74bc4ddd0fb4dfe0daa
- SHA1
  
  20ab25198750677e7f2ae15aa799956244fff2ae
- SHA256
  
  fea7c396f754d0bdeceb5b12a89d4cf37ab1a95556a63111577ce86076f9ea86
- SHA512
  
  a1373d34e71b2fc2d7195c377a13b7c47fde2abc33f8e0464c7566390b5b8ffa780ff046082c10d73faffc7f6fd6786d52a9cbf62b539180b7d205c6bf35a447
- SSDEEP
  
  1536:v2G7IuzVxAf2I9K25Ux5O8KXQeYNWAvOhi2t1sSPnfRhtPTHl/mqzgrQxFWOBX8u:NIuDK5UeX0lOhiMPn5h5l/magrQxFxBJ
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy