gafgyt | fdbd9b2a71f9a572aca410edc3de444419a3c2d238e836a687573d8bf372a9dc | Triage

Submit
Reports

Overview

overview

Static

static

mips.elf

debian-9-mips

6

Sharing

General

Target

mips.elf
Size

123KB
Sample

241128-wal5qszqbk
MD5

57bb77ecd8391e6c8fe342f9fc3e2a34
SHA1

a36a75019c2b551483b8557bbdb5d1970a71a683
SHA256

fdbd9b2a71f9a572aca410edc3de444419a3c2d238e836a687573d8bf372a9dc
SHA512

53c42369bbe854a396416adfcc30d416a8c3bbb5ad7bbda24dec6c6f95bbdd2dc18c7452cec92b5293b7612d5344fb0b37e60ba84a38496e09155899bf8e3513
SSDEEP

1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+u60GAzQj1l72HBe0EdaAW/GrmW+IR:Ted0W0MZQHadaAW/GrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

mips.elf

Resource

debian9-mipsbe-20240611-en

debian-9-mips

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

178.215.238.4:606

Targets

- Target
  
  mips.elf
- Size
  
  123KB
- MD5
  
  57bb77ecd8391e6c8fe342f9fc3e2a34
- SHA1
  
  a36a75019c2b551483b8557bbdb5d1970a71a683
- SHA256
  
  fdbd9b2a71f9a572aca410edc3de444419a3c2d238e836a687573d8bf372a9dc
- SHA512
  
  53c42369bbe854a396416adfcc30d416a8c3bbb5ad7bbda24dec6c6f95bbdd2dc18c7452cec92b5293b7612d5344fb0b37e60ba84a38496e09155899bf8e3513
- SSDEEP
  
  1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+u60GAzQj1l72HBe0EdaAW/GrmW+IR:Ted0W0MZQHadaAW/GrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy