gafgyt | 6429fd5f5a9324636b93c63976f262653f8646429ea6c3002c874fabe065115c | Triage

Submit
Reports

Overview

overview

Static

static

b60f389642...c5.elf

debian-9-armhf

7

Sharing

General

Target

b60f3896427ee815d81a400f332805c5.elf
Size

156KB
Sample

240719-l7cx8avhpp
MD5

b60f3896427ee815d81a400f332805c5
SHA1

93324997f74b0bb3e5bb59122da6024200f39213
SHA256

6429fd5f5a9324636b93c63976f262653f8646429ea6c3002c874fabe065115c
SHA512

aadf2948f59a9c643f476c16b43c587804f71db0b69608adb83dfabf6a40254e2023f439443276c804c0464c1ef20bb600d22ca9111c059373d7fdc0970fbac9
SSDEEP

3072:wSCaz+WranFP3QHbqOjRjY/+8uqXZSkmhmQwoVqJNu:k4/anFPkRjr8uqIkmhmQwoVqJNu

Score

10^/10

gafgyt

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b60f3896427ee815d81a400f332805c5.elf

Resource

debian9-armhf-20240418-en

debian-9-armhf

4 signatures

150 seconds

Malware Config

Targets

- Target
  
  b60f3896427ee815d81a400f332805c5.elf
- Size
  
  156KB
- MD5
  
  b60f3896427ee815d81a400f332805c5
- SHA1
  
  93324997f74b0bb3e5bb59122da6024200f39213
- SHA256
  
  6429fd5f5a9324636b93c63976f262653f8646429ea6c3002c874fabe065115c
- SHA512
  
  aadf2948f59a9c643f476c16b43c587804f71db0b69608adb83dfabf6a40254e2023f439443276c804c0464c1ef20bb600d22ca9111c059373d7fdc0970fbac9
- SSDEEP
  
  3072:wSCaz+WranFP3QHbqOjRjY/+8uqXZSkmhmQwoVqJNu:k4/anFPkRjr8uqIkmhmQwoVqJNu
Score

7^/10
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy