Overview

overview

10

Static

static

10

Malware.20...f09f56

debian-9-mips

6

Malware.20...1d2347

ubuntu-18.04-amd64

Malware.20...1d2347

debian-9-armhf

Malware.20...1d2347

debian-9-mips

Malware.20...1d2347

debian-9-mipsel

Malware.20...465127

debian-9-armhf

6

Malware.20...37d14f

ubuntu-18.04-amd64

Malware.20...37d14f

debian-9-armhf

Malware.20...37d14f

debian-9-mips

Malware.20...37d14f

debian-9-mipsel

1

Malware.20...58207c

debian-9-armhf

6

Malware.20...ff8c1c

debian-12-mipsel

6

Malware.20...4315ee

debian-12-mipsel

9

Malware.20...207d62

ubuntu-18.04-amd64

Malware.20...207d62

debian-9-armhf

Malware.20...207d62

debian-9-mips

Malware.20...207d62

debian-9-mipsel

Malware.20...978e5b

ubuntu-18.04-amd64

Malware.20...978e5b

debian-9-armhf

Malware.20...978e5b

debian-9-mips

Malware.20...978e5b

debian-9-mipsel

Malware.20...dcd5e3

debian-9-mips

9

Malware.20...d11707

debian-12-mipsel

1

Malware.20...3bc67c

debian-9-armhf

1

Malware.20...67fb15

debian-9-mipsel

1

Malware.20...35453b

ubuntu-18.04-amd64

Malware.20...35453b

debian-9-armhf

Malware.20...35453b

debian-9-mips

Malware.20...35453b

debian-9-mipsel

Malware.20...567266

ubuntu-18.04-amd64

Malware.20...567266

debian-9-armhf

Malware.20...567266

debian-9-mips

Resubmissions

13-02-2025 13:04

250213-qaxnksymhs 10

Analysis

  • max time kernel
    148s
  • max time network
    364s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240221-en
  • resource tags

    arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
  • submitted
    13-02-2025 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-da93c0050adf790ae5b18989953da8bf4b33e8308e531b833200a4a039ff8c1c

  • Size

    207KB

  • MD5

    1b486a8660f9840f28b8f48661a32f78

  • SHA1

    eafd2036e60b74ada91c11919fb0c6a2e9bc8c75

  • SHA256

    da93c0050adf790ae5b18989953da8bf4b33e8308e531b833200a4a039ff8c1c

  • SHA512

    6f1bc57af7dd1acc24e00c9eb7a87dce8aad839539094b75026427ea4f4052e73dedd62e57dad4aa30ba75bc28e9ee8d75ba9ed9948a07bb4d30d4ee2ce816e0

  • SSDEEP

    3072:v4dnFE7GqykuXDjS+P475hNMD5Hmrpy6n9Nn:WC7GHnq+P475hNWdmrpy6n9Nn

Score
6/10
discovery

Malware Config

Signatures

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

    discovery
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

    discovery

Processes

  • /tmp/Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-da93c0050adf790ae5b18989953da8bf4b33e8308e531b833200a4a039ff8c1c
    /tmp/Malware.2024.10.31/HEUR.Backdoor.Linux.Gafgyt.dd-da93c0050adf790ae5b18989953da8bf4b33e8308e531b833200a4a039ff8c1c
    1⤵
    • Reads system routing table
    • Reads system network configuration
    PID:787

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads