gafgyt | 6b70b73f2402a014eaf5e2d64d14ff6009bb853eba66767447c5522542241522 | Triage

Submit
Reports

Overview

overview

Static

static

395d262d1c...763734

debian-9-armhf

7

Sharing

General

Target

395d262d1c22e57c5d44f2028f763734
Size

126KB
Sample

231231-rh9tjsbggp
MD5

395d262d1c22e57c5d44f2028f763734
SHA1

9e862246148b6a59210d3ca41a5c4abc1820a000
SHA256

6b70b73f2402a014eaf5e2d64d14ff6009bb853eba66767447c5522542241522
SHA512

059e5558413775936e77ebc67e258155d6493d65f6cb87f747ecc4e88542b99a8be40a209cf36bd4158612bcd3637d87470b09cdc229d704bec4d762ef985ac1
SSDEEP

3072:6jVlyaL5JCrIpv04sLbstiEiJmP46aQyfPluesNb:yoCJCN4sLb8YmP46aQyfPluesNb

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

395d262d1c22e57c5d44f2028f763734

Resource

debian9-armhf-20231222-en

debian-9-armhf

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  395d262d1c22e57c5d44f2028f763734
- Size
  
  126KB
- MD5
  
  395d262d1c22e57c5d44f2028f763734
- SHA1
  
  9e862246148b6a59210d3ca41a5c4abc1820a000
- SHA256
  
  6b70b73f2402a014eaf5e2d64d14ff6009bb853eba66767447c5522542241522
- SHA512
  
  059e5558413775936e77ebc67e258155d6493d65f6cb87f747ecc4e88542b99a8be40a209cf36bd4158612bcd3637d87470b09cdc229d704bec4d762ef985ac1
- SSDEEP
  
  3072:6jVlyaL5JCrIpv04sLbstiEiJmP46aQyfPluesNb:yoCJCN4sLb8YmP46aQyfPluesNb
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy