gafgyt | a0e5d48258b23d1d9ebbfd4f6aa02237041f861f4b9108f04aa34267756296d3 | Triage

Submit
Reports

Overview

overview

Static

static

89.250.72....09.elf

debian-12-mipsel

6

Sharing

General

Target

89.250.72.36-mipsel-2024-12-31T133309.elf
Size

51KB
Sample

241231-thb9dsxqev
MD5

55cb568389694191bbbbb32b473596e4
SHA1

51e2020dd084e77c23b2b589464d4e2d88f85e02
SHA256

a0e5d48258b23d1d9ebbfd4f6aa02237041f861f4b9108f04aa34267756296d3
SHA512

7f18316cb5ca6c8d5530b2ca3194efaf8cf10714e4012360f1a044c9b64c7ad1dff772600a8d1ec82ba7277abd0327a35a3bfc9d143101f49aacf27c4de886fa
SSDEEP

384:ymUDkJPyQonihuSMzXk92IHXyLT6BMCq1WYwHuwtyngFi3cjIErBt1OdkrNLNmLV:ymUAyfnGTR+9WYwzyn7Ja8xLvDBC8

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

89.250.72.36-mipsel-2024-12-31T133309.elf

Resource

debian12-mipsel-20240729-en

debian-12-mipsel

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

89.250.72.36:666

Targets

- Target
  
  89.250.72.36-mipsel-2024-12-31T133309.elf
- Size
  
  51KB
- MD5
  
  55cb568389694191bbbbb32b473596e4
- SHA1
  
  51e2020dd084e77c23b2b589464d4e2d88f85e02
- SHA256
  
  a0e5d48258b23d1d9ebbfd4f6aa02237041f861f4b9108f04aa34267756296d3
- SHA512
  
  7f18316cb5ca6c8d5530b2ca3194efaf8cf10714e4012360f1a044c9b64c7ad1dff772600a8d1ec82ba7277abd0327a35a3bfc9d143101f49aacf27c4de886fa
- SSDEEP
  
  384:ymUDkJPyQonihuSMzXk92IHXyLT6BMCq1WYwHuwtyngFi3cjIErBt1OdkrNLNmLV:ymUAyfnGTR+9WYwzyn7Ja8xLvDBC8
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy