gafgyt | 4e3daff98cfe4b23524969083ed0334d006dbf122a2c3402b8a27be548902c40 | Triage

Submit
Reports

Overview

overview

Static

static

mipsel.elf

debian-12-mipsel

6

Sharing

General

Target

mipsel.elf
Size

123KB
Sample

241216-nms5taymaz
MD5

143dc31bc30615773f0cb4b52f4ba104
SHA1

524ce6913b57fdd8c6e038d5c7c19e13bca949de
SHA256

4e3daff98cfe4b23524969083ed0334d006dbf122a2c3402b8a27be548902c40
SHA512

95da2f8d91c950aaae459cf6812a93842af2d51b16f3d11aaaf476e902377693570b47a5fb3ff8c01517f434f689696523e17dcbc1e0a0f00b24e35596178d60
SSDEEP

1536:/RHeTECAms/Y8Zm3lKYA43gMJwSkJ8EpAyDzUh8rmW+IFB1Df11hR/:/R5LqAmgMJM8EiyDw8rmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

mipsel.elf

Resource

debian12-mipsel-20240221-en

debian-12-mipsel

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

150.241.88.132:25565

Targets

- Target
  
  mipsel.elf
- Size
  
  123KB
- MD5
  
  143dc31bc30615773f0cb4b52f4ba104
- SHA1
  
  524ce6913b57fdd8c6e038d5c7c19e13bca949de
- SHA256
  
  4e3daff98cfe4b23524969083ed0334d006dbf122a2c3402b8a27be548902c40
- SHA512
  
  95da2f8d91c950aaae459cf6812a93842af2d51b16f3d11aaaf476e902377693570b47a5fb3ff8c01517f434f689696523e17dcbc1e0a0f00b24e35596178d60
- SSDEEP
  
  1536:/RHeTECAms/Y8Zm3lKYA43gMJwSkJ8EpAyDzUh8rmW+IFB1Df11hR/:/R5LqAmgMJM8EiyDw8rmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy