gafgyt | a18ad447236c0345bbaae2ff79e736af5de72ed5eae0d7389690e74b0cd79246 | Triage

Submit
Reports

Overview

overview

Static

static

a18ad44723...46.elf

debian-9-mipsel

7

Sharing

General

Target

a18ad447236c0345bbaae2ff79e736af5de72ed5eae0d7389690e74b0cd79246.elf
Size

175KB
Sample

250223-c8f7laxjz3
MD5

53eeaa32c2da81e31c8e98445a210369
SHA1

b5a9d9041b91d115be38eea10a30e49f50489178
SHA256

a18ad447236c0345bbaae2ff79e736af5de72ed5eae0d7389690e74b0cd79246
SHA512

c328257a071900adba1d6cdca70c2fe4eb085209800bd6f8d12bf37d1bb841e8d1a429532c19f9b72996afbd6f8c84972448c8d63ac1357a9c106ac1cb85d21b
SSDEEP

1536:CY0XpUX0eej8bxwSOrgflgiLhoykWN1d2RNzSB5hhWQivYtrvxGfosmaVj3OOKIf:p/5nYXiSyR7sM5hhW7vgrfsmsj3tKIWe

Score

10^/10

gafgyt defense_evasion discovery execution

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a18ad447236c0345bbaae2ff79e736af5de72ed5eae0d7389690e74b0cd79246.elf

Resource

debian9-mipsel-20240611-en

defense_evasion discovery execution

debian-9-mipsel

12 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

37.44.238.66:23

Targets

- Target
  
  a18ad447236c0345bbaae2ff79e736af5de72ed5eae0d7389690e74b0cd79246.elf
- Size
  
  175KB
- MD5
  
  53eeaa32c2da81e31c8e98445a210369
- SHA1
  
  b5a9d9041b91d115be38eea10a30e49f50489178
- SHA256
  
  a18ad447236c0345bbaae2ff79e736af5de72ed5eae0d7389690e74b0cd79246
- SHA512
  
  c328257a071900adba1d6cdca70c2fe4eb085209800bd6f8d12bf37d1bb841e8d1a429532c19f9b72996afbd6f8c84972448c8d63ac1357a9c106ac1cb85d21b
- SSDEEP
  
  1536:CY0XpUX0eej8bxwSOrgflgiLhoykWN1d2RNzSB5hhWQivYtrvxGfosmaVj3OOKIf:p/5nYXiSyR7sM5hhW7vgrfsmsj3tKIWe
Score

7^/10

defense_evasion discovery execution
- Deletes itself
- Flushes firewall rules
  Flushes/ disables firewall rules inside the Linux kernel.
  defense_evasion
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Adversary-in-the-Middle

Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecution

© 2018-2025

Terms | Privacy