gafgyt | f43328abf3ea49b072921c9baa40005d2880b16754315cf42c34cad29f9a0fc7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

c5df5123d6...a3.elf

debian-12-mipsel

6

Sharing

General

Target

7192be9d0197e6e6e2a5d0a9d439b574.bin
Size

64KB
Sample

240306-bzkmzsge69
MD5

f0b2fc0e61f0888732fa0ca59700d7a5
SHA1

d540f46121cd393f9feb852b3a79500b6d5a29ac
SHA256

f43328abf3ea49b072921c9baa40005d2880b16754315cf42c34cad29f9a0fc7
SHA512

40d10d2d406f547aa4bb4c6be007a35d8ca5a9bb0bfc404b600fafc867510b424f16d50973d31997a00c8ea8f2f5430b08ca7d2405f84d8de899956cb3c6365e
SSDEEP

1536:zALNHVyzbLTqGORYk4mTnX+HztOZO22mf3cTmWP4:cNozfTyKE7OqfMTmR

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c5df5123d65b2aa40e6174c3f4d89108ddb825f338c29f8e0e54239c981e2ea3.elf

Resource

debian12-mipsel-20240221-en

debian-12-mipsel

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

91.92.244.11:19302

Targets

- Target
  
  c5df5123d65b2aa40e6174c3f4d89108ddb825f338c29f8e0e54239c981e2ea3.elf
- Size
  
  271KB
- MD5
  
  7192be9d0197e6e6e2a5d0a9d439b574
- SHA1
  
  73cbdad25a9bd5c6d164a9637078c14bf1e95a26
- SHA256
  
  c5df5123d65b2aa40e6174c3f4d89108ddb825f338c29f8e0e54239c981e2ea3
- SHA512
  
  a69006f77428f2bdf8b36858504e665403a807dad39a3d46b9fc0c5d09ed7b3c6722c961b55ad1ad91d1b1bf41d523dc714cb7b4d237a722c34e3ac74297bfb5
- SSDEEP
  
  6144:kejgoSLW38X/bT5hWWmCwadvN2q5nm38kQ:k+gpLq8X35hW7CwadvN2q5nm38kQ
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy