gafgyt | 5ae5062621975a929992239a31bd99a137245aed0efa4551b0ab847a6386af5c | Triage

Submit
Reports

Overview

overview

Static

static

31ef6464f4...5c.elf

debian-9-mipsel

6

Sharing

General

Target

0e5051b1f3d41ef27ba72a8b6f8b0029.bin
Size

70KB
Sample

240429-bdawnadh5y
MD5

199431c1b07b1a30dbc44809e23cc2cc
SHA1

20f900ba32e67807b8379a59fd941bb27c3d1b5e
SHA256

5ae5062621975a929992239a31bd99a137245aed0efa4551b0ab847a6386af5c
SHA512

d16d702840b441efb414e4f7455486bcf007494430a67489119c1e19ace3e8d2f1e0dcd64477b9ba3c52a35051695f58c258df4c2e44a7056089a995eb304361
SSDEEP

1536:bQAw1fnFumB2/dh+WZoQLZ5FLZpoH88v19Fm9tSNmXqQh54:UpfAmyVNLZnW9Fzuqs54

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

31ef6464f4798017e299af3bdb62200f93b38d85c269f8501ca8211fe91f0d5c.elf

Resource

debian9-mipsel-20240226-en

debian-9-mipsel

4 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

2.58.95.131:65481

Targets

- Target
  
  31ef6464f4798017e299af3bdb62200f93b38d85c269f8501ca8211fe91f0d5c.elf
- Size
  
  244KB
- MD5
  
  0e5051b1f3d41ef27ba72a8b6f8b0029
- SHA1
  
  d6d0bbab3b2f334d380e5a749bab42dd3b198473
- SHA256
  
  31ef6464f4798017e299af3bdb62200f93b38d85c269f8501ca8211fe91f0d5c
- SHA512
  
  a9a2445d2a1fe7e4a88498747c27f671901057912c60c268d7feda21cb9be1b62836be2b5e62e6134b22e2a8d2ec6cc73aa52bab423438b49df88fa7d3846675
- SSDEEP
  
  6144:XcKDT4tAM7MBUXk5q9GZalny7TTb4m/fa1J8b:toyUm/fa1J8b
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy