gafgyt | 52b6f31e6f2da1b3aa257863b16182d3c6b7e72460579aebce70ded6126ce686 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

1c2de2706d...9a.elf

debian-12-mipsel

9

Sharing

General

Target

1c2de2706da97d7858f14fb36404339a.elf
Size

199KB
Sample

240408-yvdp7sae56
MD5

1c2de2706da97d7858f14fb36404339a
SHA1

45b0a7d60cbe1b9051a61c4a7534a6768943a45e
SHA256

52b6f31e6f2da1b3aa257863b16182d3c6b7e72460579aebce70ded6126ce686
SHA512

bda3074fa565f8885c4647df063c8d9f5106a50cd3a0d362d3c241eec6c3c187a667b262d7a97ea25aca5a3871208ff228d999577e61df59d4ca437b1330d892
SSDEEP

3072:ooIR900aTESn9teFTmlaIRyOHDDTlPWDyaejZh:oowVSeFTm3rDDTlPWDyaejZh

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1c2de2706da97d7858f14fb36404339a.elf

Resource

debian12-mipsel-20240221-en

debian-12-mipsel

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  1c2de2706da97d7858f14fb36404339a.elf
- Size
  
  199KB
- MD5
  
  1c2de2706da97d7858f14fb36404339a
- SHA1
  
  45b0a7d60cbe1b9051a61c4a7534a6768943a45e
- SHA256
  
  52b6f31e6f2da1b3aa257863b16182d3c6b7e72460579aebce70ded6126ce686
- SHA512
  
  bda3074fa565f8885c4647df063c8d9f5106a50cd3a0d362d3c241eec6c3c187a667b262d7a97ea25aca5a3871208ff228d999577e61df59d4ca437b1330d892
- SSDEEP
  
  3072:ooIR900aTESn9teFTmlaIRyOHDDTlPWDyaejZh:oowVSeFTm3rDDTlPWDyaejZh
Score

9^/10

discovery
- Contacts a large (65892) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy