Analysis

  • max time kernel
    60s
  • max time network
    63s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    28/09/2024, 09:14

General

  • Target

    gafgyt

  • Size

    175KB

  • MD5

    c0153aa7187e4eb21e65653e3d9fb54f

  • SHA1

    b7b196a011b5252a62f67075a0a9893d2effb704

  • SHA256

    169579c6cb5821c23bf3deaaa749761e440ebe216c11c3633e6d2ce97ca8e5f7

  • SHA512

    f17e44ff196ed1ae68e7740d264ff7ea11792e1aa7b33bf7dcc503060efa3045f1de01dc08997547ef064a491b0d9ae66f4d6d75662a0b1587d912d0b2627d98

  • SSDEEP

    3072:K1ggSfoLKaxUOPxXBIOY2ILeTOutJ8adPF4KQTjsz3EosWIeebUfAP2G+STxk:Bva6CXmJxxutJ8adPF4f0EosWIeebUf5

Score
6/10

Malware Config

Signatures

  • Reads system routing table (1 TTPs, 1 IoCs)

    Gets active network interfaces from /proc virtual filesystem.

  • Changes its process name (1 IoCs)
  • Reads system network configuration (1 TTPs, 1 IoCs)

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/gafgyt
    • Reads system routing table
    • Changes its process name
    • Reads system network configuration
    PID:1580

Network

MITRE ATT&CK Enterprise v15
