gafgyt | dbd05dbe08e34da431196f96df5240e154edd98daa0cb913408efb1e0715fbd0 | Triage

Submit
Reports

Overview

overview

Static

static

7b3fde1bc6...5ccf65

debian-9-armhf

7

Sharing

Copy URL Twitter E-mail

General

Target

7b3fde1bc60bd7494e50bd3dfb5ccf65
Size

122KB
Sample

240127-zm8faadfgp
MD5

7b3fde1bc60bd7494e50bd3dfb5ccf65
SHA1

0546941ec53e7b5d230bf68dffceac356fffb09e
SHA256

dbd05dbe08e34da431196f96df5240e154edd98daa0cb913408efb1e0715fbd0
SHA512

67b94ddde276b8321de08fc05f12e8ad6118987ff098e8f619d6f111edf6470ab2745b0e1f1952a5f1d6083dbd77a4f1f53033064026f88bb1359f2cfa853fb9
SSDEEP

3072:4jDy/+mh1vtbPIKapbpcUPium7/L7QsvmGfIiNb:mOJ1vxfapbywm7/L7QsvmGfIiNb

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

7b3fde1bc60bd7494e50bd3dfb5ccf65

Resource

debian9-armhf-20231221-en

debian-9-armhf

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  7b3fde1bc60bd7494e50bd3dfb5ccf65
- Size
  
  122KB
- MD5
  
  7b3fde1bc60bd7494e50bd3dfb5ccf65
- SHA1
  
  0546941ec53e7b5d230bf68dffceac356fffb09e
- SHA256
  
  dbd05dbe08e34da431196f96df5240e154edd98daa0cb913408efb1e0715fbd0
- SHA512
  
  67b94ddde276b8321de08fc05f12e8ad6118987ff098e8f619d6f111edf6470ab2745b0e1f1952a5f1d6083dbd77a4f1f53033064026f88bb1359f2cfa853fb9
- SSDEEP
  
  3072:4jDy/+mh1vtbPIKapbpcUPium7/L7QsvmGfIiNb:mOJ1vxfapbywm7/L7QsvmGfIiNb
Score

7^/10
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy