gafgyt | e5e928fd9c23f6efb6396476c8337c80b3abba3f0896a2bbd88c3e645faa1e0b | Triage

Submit
Reports

Overview

overview

Static

static

47a4c78c49...60.elf

debian-9-armhf

7

Sharing

General

Target

dc5b37d191af0c6757d793e774f316b6.bin
Size

70KB
Sample

240123-dsffssgaa4
MD5

02853086b90ba998b2d06420e206d298
SHA1

ac0aaea0f333a21f9e670422b9b67ee76ccb8d02
SHA256

e5e928fd9c23f6efb6396476c8337c80b3abba3f0896a2bbd88c3e645faa1e0b
SHA512

5410ae214e090a1be0f0bf8b1baf33e1353841b04b4d58aa5dd0dd8901d9bd67551222385d3bf2841acb0d3ab16da2cf548f2a7abb1bed685ef96011b7ef6792
SSDEEP

1536:hQJeO5YnDukJuBWt/XWT5iYj7GpGpABpUyF1sz+LVgjSF5qt:qJunykgBWt+T57j76nRmzig+F5qt

Score

10^/10

gafgyt upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

47a4c78c491705b30cb872eab31319f6879bca66d62a04f63d2e0558d8631b60.elf

Resource

debian9-armhf-20231215-en

debian-9-armhf

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

193.35.18.187:64599

Targets

- Target
  
  47a4c78c491705b30cb872eab31319f6879bca66d62a04f63d2e0558d8631b60.elf
- Size
  
  163KB
- MD5
  
  dc5b37d191af0c6757d793e774f316b6
- SHA1
  
  666dd3ffcd51db02639c37091ac60dd352c5298d
- SHA256
  
  47a4c78c491705b30cb872eab31319f6879bca66d62a04f63d2e0558d8631b60
- SHA512
  
  9e0a4e0c167694440d39587bff344198fc18dde97f25274c3fc0206e6ec3df01651b67861c73352f0807ebe89aece556f0a2257d6e8a019a6489ec482dd800af
- SSDEEP
  
  3072:wC2qIZ7a76orzbfdnbx3Aj1PIeoHeV+hV72WmJhny2qAQYzc:C7a76orPfdRAjTweV+hV72WmJhny2qP3
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy