gafgyt | 165059466add39037ed7af5682f7f9a8492e8da0174a8003281c171a8ba9b529 | Triage

Submit
Reports

Overview

overview

Static

static

hidakibest.mips.elf

debian-9-mips

6

Sharing

General

Target

hidakibest.mips.elf
Size

141KB
Sample

250220-wnqebatlz3
MD5

24fd1bd291809e50e03dff752d3112d9
SHA1

a8bd45f666ce4c8d55375754553df0fd1ec6a08a
SHA256

165059466add39037ed7af5682f7f9a8492e8da0174a8003281c171a8ba9b529
SHA512

7bbd19622ea13fcc2d3201915ae430dc5b2d6ebdfd340dd71230b2ff69d4b8f0130cb8e9b8708c485b60181336b58ebcb743b7f40492a9e55dafa121e5ae2dc4
SSDEEP

3072:sGGNZfCos2pA4FCa5hvikTam0/5ApYADn:hACyK40a5hvi9m0/5ASADn

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

hidakibest.mips.elf

Resource

debian9-mipsbe-20240611-en

debian-9-mips

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

64.188.99.14:4258

Targets

- Target
  
  hidakibest.mips.elf
- Size
  
  141KB
- MD5
  
  24fd1bd291809e50e03dff752d3112d9
- SHA1
  
  a8bd45f666ce4c8d55375754553df0fd1ec6a08a
- SHA256
  
  165059466add39037ed7af5682f7f9a8492e8da0174a8003281c171a8ba9b529
- SHA512
  
  7bbd19622ea13fcc2d3201915ae430dc5b2d6ebdfd340dd71230b2ff69d4b8f0130cb8e9b8708c485b60181336b58ebcb743b7f40492a9e55dafa121e5ae2dc4
- SSDEEP
  
  3072:sGGNZfCos2pA4FCa5hvikTam0/5ApYADn:hACyK40a5hvi9m0/5ASADn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy