gafgyt | 3c8123a8a0ec8b8282782106dd5bc2279367732377813fa93d383dbedd5fc9f1 | Triage

Submit
Reports

Overview

overview

Static

static

hidakibest.mips.elf

debian-9-mips

6

Sharing

General

Target

hidakibest.mips.elf
Size

111KB
Sample

241222-sblc2sskdj
MD5

0faba175f8b037661975056bed631c15
SHA1

668150ff8d38aeb805394a1169607facc7c79d4e
SHA256

3c8123a8a0ec8b8282782106dd5bc2279367732377813fa93d383dbedd5fc9f1
SHA512

a6657212b3fc60d8ae90cb37b4530a11be86e2f2910d404583f50c0433b66a9209e258536a2ec8f7dbc69fbcd6d05e18618b19c3b51fe3d705e1292c6bbce4c8
SSDEEP

3072:DWmzrbF74jl5hU8tRreU4gQKdwwzF9GhsRiAe:DLzrJ8l5hU8t2KdwwzF9GhsRiAe

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

hidakibest.mips.elf

Resource

debian9-mipsbe-20240418-en

debian-9-mips

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

31.172.83.147:4258

Targets

- Target
  
  hidakibest.mips.elf
- Size
  
  111KB
- MD5
  
  0faba175f8b037661975056bed631c15
- SHA1
  
  668150ff8d38aeb805394a1169607facc7c79d4e
- SHA256
  
  3c8123a8a0ec8b8282782106dd5bc2279367732377813fa93d383dbedd5fc9f1
- SHA512
  
  a6657212b3fc60d8ae90cb37b4530a11be86e2f2910d404583f50c0433b66a9209e258536a2ec8f7dbc69fbcd6d05e18618b19c3b51fe3d705e1292c6bbce4c8
- SSDEEP
  
  3072:DWmzrbF74jl5hU8tRreU4gQKdwwzF9GhsRiAe:DLzrJ8l5hU8t2KdwwzF9GhsRiAe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy