gafgyt | 372488b8cecb45ce03923f19df5d904980761cd8a7f2ca87ce6c5b7fcff0e20a | Triage

Submit
Reports

Overview

overview

Static

static

372488b8ce...0a.elf

debian-9-mips

7

Sharing

General

Target

372488b8cecb45ce03923f19df5d904980761cd8a7f2ca87ce6c5b7fcff0e20a.elf
Size

175KB
Sample

250223-cpzvlavnfn
MD5

4e71504e4a8a3d4d5c7f60701c4cd36c
SHA1

39f8b713d31c70b4d887ef95d347b48c8f68c98e
SHA256

372488b8cecb45ce03923f19df5d904980761cd8a7f2ca87ce6c5b7fcff0e20a
SHA512

70e59bf2b7c8e0a4919686265002f4c65e7817a08f17759d148e5c1ffa90c38651593f06b61c52eece6d0655a4586abca34ccf76ae2626463d2b0968b68adb59
SSDEEP

3072:XDmNX+56DbtVO4x90ssgy4R695h3W+BTmsj3tKIWe:qZ+56TT0gxR695h3W+BTmsj3oIWe

Score

10^/10

gafgyt defense_evasion discovery execution

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

372488b8cecb45ce03923f19df5d904980761cd8a7f2ca87ce6c5b7fcff0e20a.elf

Resource

debian9-mipsbe-20240611-en

defense_evasion discovery execution

debian-9-mips

12 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

37.44.238.66:23

Targets

- Target
  
  372488b8cecb45ce03923f19df5d904980761cd8a7f2ca87ce6c5b7fcff0e20a.elf
- Size
  
  175KB
- MD5
  
  4e71504e4a8a3d4d5c7f60701c4cd36c
- SHA1
  
  39f8b713d31c70b4d887ef95d347b48c8f68c98e
- SHA256
  
  372488b8cecb45ce03923f19df5d904980761cd8a7f2ca87ce6c5b7fcff0e20a
- SHA512
  
  70e59bf2b7c8e0a4919686265002f4c65e7817a08f17759d148e5c1ffa90c38651593f06b61c52eece6d0655a4586abca34ccf76ae2626463d2b0968b68adb59
- SSDEEP
  
  3072:XDmNX+56DbtVO4x90ssgy4R695h3W+BTmsj3tKIWe:qZ+56TT0gxR695h3W+BTmsj3oIWe
Score

7^/10

defense_evasion discovery execution
- Deletes itself
- Flushes firewall rules
  Flushes/ disables firewall rules inside the Linux kernel.
  defense_evasion
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Disable or Modify System Firewall

Credential Access

Adversary-in-the-Middle

Discovery

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoveryexecution

© 2018-2025

Terms | Privacy