Overview

overview

10

Static

static

10

Malware.20...f09f56

debian-9-mips

6

Malware.20...1d2347

ubuntu-18.04-amd64

Malware.20...1d2347

debian-9-armhf

Malware.20...1d2347

debian-9-mips

Malware.20...1d2347

debian-9-mipsel

Malware.20...465127

debian-9-armhf

6

Malware.20...37d14f

ubuntu-18.04-amd64

Malware.20...37d14f

debian-9-armhf

Malware.20...37d14f

debian-9-mips

Malware.20...37d14f

debian-9-mipsel

1

Malware.20...58207c

debian-9-armhf

6

Malware.20...ff8c1c

debian-12-mipsel

6

Malware.20...4315ee

debian-12-mipsel

9

Malware.20...207d62

ubuntu-18.04-amd64

Malware.20...207d62

debian-9-armhf

Malware.20...207d62

debian-9-mips

Malware.20...207d62

debian-9-mipsel

Malware.20...978e5b

ubuntu-18.04-amd64

Malware.20...978e5b

debian-9-armhf

Malware.20...978e5b

debian-9-mips

Malware.20...978e5b

debian-9-mipsel

Malware.20...dcd5e3

debian-9-mips

9

Malware.20...d11707

debian-12-mipsel

1

Malware.20...3bc67c

debian-9-armhf

1

Malware.20...67fb15

debian-9-mipsel

1

Malware.20...35453b

ubuntu-18.04-amd64

Malware.20...35453b

debian-9-armhf

Malware.20...35453b

debian-9-mips

Malware.20...35453b

debian-9-mipsel

Malware.20...567266

ubuntu-18.04-amd64

Malware.20...567266

debian-9-armhf

Malware.20...567266

debian-9-mips

Resubmissions

13-02-2025 13:04

250213-qaxnksymhs 10

Analysis

  • max time kernel
    146s
  • max time network
    310s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20240418-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    13-02-2025 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-54fe5560cb69338057594bfdf0911c042c625a22f54ea59d7d3cfd9d4cf09f56

  • Size

    207KB

  • MD5

    d9a674fbf18283b2457bed5acf6eeee3

  • SHA1

    4514cbde77537c8ecff0ed4fa3e8ea8c31eaae63

  • SHA256

    54fe5560cb69338057594bfdf0911c042c625a22f54ea59d7d3cfd9d4cf09f56

  • SHA512

    2372bf24f078b4fb282cdaf29b4218e8b6bf1475b0ef2a9bbfa22c054f48636a88bd794d13c408f70b87b5f5b30d9a1e21fcb29bcd002b2cc141568e99192ff5

  • SSDEEP

    3072:8WP0M+Qz7aFFzo7ksOIaCHA5hPgsz0Fl0mrpy6n9Nn:JpSgGJCHA5hP1mrpy6n9Nn

Score
6/10
discovery

Malware Config

Signatures

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

    discovery
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

    discovery

Processes

  • /tmp/Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-54fe5560cb69338057594bfdf0911c042c625a22f54ea59d7d3cfd9d4cf09f56
    /tmp/Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-54fe5560cb69338057594bfdf0911c042c625a22f54ea59d7d3cfd9d4cf09f56
    1⤵
    • Reads system routing table
    • Reads system network configuration
    PID:812

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads