gafgyt | 55535e030845f8b36d26196a2445c0d025e5a6c244067e586b504a297036249c | Triage

Submit
Reports

Overview

overview

Static

static

mips.elf

debian-9-mips

6

Sharing

General

Target

mips.elf
Size

123KB
Sample

241216-ng5xeszjdj
MD5

bfca67d4779f0ef659e34fc884c0a1b2
SHA1

b4ada345e880bc8c76001eb2200ebafcc204fc3d
SHA256

55535e030845f8b36d26196a2445c0d025e5a6c244067e586b504a297036249c
SHA512

63351ceb2f62138948cba7df6d7c2029240855ee47e8b55b4943d0f93d03e59126744de2be3064c1facaafc2e0b679ad410f0b6c705dea2abfea7718a1fb7b5b
SSDEEP

1536:g7je1TYGq+f+A02rKXzeve1eTe8p2rKXIeum9Y0GAzQj1l72HBe7ERLWfRZrmW+i:/a1UW0MZQHfB6RZrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

mips.elf

Resource

debian9-mipsbe-20240611-en

debian-9-mips

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

150.241.88.132:25565

Targets

- Target
  
  mips.elf
- Size
  
  123KB
- MD5
  
  bfca67d4779f0ef659e34fc884c0a1b2
- SHA1
  
  b4ada345e880bc8c76001eb2200ebafcc204fc3d
- SHA256
  
  55535e030845f8b36d26196a2445c0d025e5a6c244067e586b504a297036249c
- SHA512
  
  63351ceb2f62138948cba7df6d7c2029240855ee47e8b55b4943d0f93d03e59126744de2be3064c1facaafc2e0b679ad410f0b6c705dea2abfea7718a1fb7b5b
- SSDEEP
  
  1536:g7je1TYGq+f+A02rKXzeve1eTe8p2rKXIeum9Y0GAzQj1l72HBe7ERLWfRZrmW+i:/a1UW0MZQHfB6RZrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy