gafgyt | daddbed8cf66f2cd976966370de663642e457f31ddfcc872ad9b09385182b87e | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

61cb47c646...a5.elf

debian-12-mipsel

6

Sharing

General

Target

61cb47c6462b5b55a0ed412065f7b8a5.elf
Size

209KB
Sample

240418-jbtjzseg92
MD5

61cb47c6462b5b55a0ed412065f7b8a5
SHA1

c1ec291daac104b125231683b4bff3b85d1f1917
SHA256

daddbed8cf66f2cd976966370de663642e457f31ddfcc872ad9b09385182b87e
SHA512

b652c87af3e6cd9dde22d5eb81c53ab6afa54487e08d715c36428efe052d90f9e09a3a866b2c939b38d3135b66b173cbb1736d8727a462d96649638dbd664695
SSDEEP

3072:T4mSFGv/kuidcX1qRdcB5hfH3TwpCMtmrpy6n9Nn:pn/ZmbRCB5hfXJMtmrpy6n9Nn

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

61cb47c6462b5b55a0ed412065f7b8a5.elf

Resource

debian12-mipsel-20240221-en

debian-12-mipsel

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

94.156.8.161:4444

Targets

- Target
  
  61cb47c6462b5b55a0ed412065f7b8a5.elf
- Size
  
  209KB
- MD5
  
  61cb47c6462b5b55a0ed412065f7b8a5
- SHA1
  
  c1ec291daac104b125231683b4bff3b85d1f1917
- SHA256
  
  daddbed8cf66f2cd976966370de663642e457f31ddfcc872ad9b09385182b87e
- SHA512
  
  b652c87af3e6cd9dde22d5eb81c53ab6afa54487e08d715c36428efe052d90f9e09a3a866b2c939b38d3135b66b173cbb1736d8727a462d96649638dbd664695
- SSDEEP
  
  3072:T4mSFGv/kuidcX1qRdcB5hfH3TwpCMtmrpy6n9Nn:pn/ZmbRCB5hfXJMtmrpy6n9Nn
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy