gafgyt | 99e7cbe8c667889ef78c2ab6cfff9439c57b80d6bff902f2ddf7ea41f95c99ab | Triage

Submit
Reports

Overview

overview

Static

static

strix.mips.elf

debian-9-mips

6

Sharing

General

Target

strix.mips.elf
Size

209KB
Sample

250223-wdf3wsvkaj
MD5

e69673e1ed464af63a72ca3a33f58381
SHA1

30f2bffc4c9c06adce490c08030cad75840f0c19
SHA256

99e7cbe8c667889ef78c2ab6cfff9439c57b80d6bff902f2ddf7ea41f95c99ab
SHA512

1dbdc7ad0dd0db4b5990be3f0a1675a96a72f4140561ce9b52bff41d058c1e90ca159a22cd6f4581e55f89c222749647ee59becee5b6aa4fe23c1588eed7d94a
SSDEEP

3072:3XC9j6w2ZQgoYJR4GZOhL3qu2a1zleu+WRd9soUQcI7T5hEBk1cmrpy6n9Nn:3SPfTcI7T5hE1mrpy6n9Nn

Score

10^/10

gafgyt discovery

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

strix.mips.elf

Resource

debian9-mipsbe-20240611-en

debian-9-mips

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

37.44.238.66:5334

Targets

- Target
  
  strix.mips.elf
- Size
  
  209KB
- MD5
  
  e69673e1ed464af63a72ca3a33f58381
- SHA1
  
  30f2bffc4c9c06adce490c08030cad75840f0c19
- SHA256
  
  99e7cbe8c667889ef78c2ab6cfff9439c57b80d6bff902f2ddf7ea41f95c99ab
- SHA512
  
  1dbdc7ad0dd0db4b5990be3f0a1675a96a72f4140561ce9b52bff41d058c1e90ca159a22cd6f4581e55f89c222749647ee59becee5b6aa4fe23c1588eed7d94a
- SSDEEP
  
  3072:3XC9j6w2ZQgoYJR4GZOhL3qu2a1zleu+WRd9soUQcI7T5hEBk1cmrpy6n9Nn:3SPfTcI7T5hE1mrpy6n9Nn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy