gafgyt | 800b22620e82d05fb5cf4594dcdb5d1fd70a14abf20d9c552b43648e895ce745 | Triage

Submit
Reports

Overview

overview

Static

static

800b22620e...45.elf

debian-9-mips

6

Sharing

General

Target

800b22620e82d05fb5cf4594dcdb5d1fd70a14abf20d9c552b43648e895ce745.elf
Size

209KB
Sample

240703-bwanlszgna
MD5

a6a351954b27fda91d811cdc782bc881
SHA1

d6f69796445dd774444ff90a36353406c4c50dfe
SHA256

800b22620e82d05fb5cf4594dcdb5d1fd70a14abf20d9c552b43648e895ce745
SHA512

e43107504bc3afc9f963052908571fce8f08dfbccb57b04ea200e212cfaccd5d696908be02eeb6433599a630ce306506b871492a202ce5ec9b36425da7739022
SSDEEP

3072:3XC9j6w2ZQgoYJlQeRmhDvy2uSNbtmWu+R9ask0QcYb25hRBg1cmrpy6n9Nn:3SDCzcYb25hR5mrpy6n9Nn

Score

10^/10

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

800b22620e82d05fb5cf4594dcdb5d1fd70a14abf20d9c552b43648e895ce745.elf

Resource

debian9-mipsbe-20240611-en

debian-9-mips

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

195.85.205.47:777

Targets

- Target
  
  800b22620e82d05fb5cf4594dcdb5d1fd70a14abf20d9c552b43648e895ce745.elf
- Size
  
  209KB
- MD5
  
  a6a351954b27fda91d811cdc782bc881
- SHA1
  
  d6f69796445dd774444ff90a36353406c4c50dfe
- SHA256
  
  800b22620e82d05fb5cf4594dcdb5d1fd70a14abf20d9c552b43648e895ce745
- SHA512
  
  e43107504bc3afc9f963052908571fce8f08dfbccb57b04ea200e212cfaccd5d696908be02eeb6433599a630ce306506b871492a202ce5ec9b36425da7739022
- SSDEEP
  
  3072:3XC9j6w2ZQgoYJlQeRmhDvy2uSNbtmWu+R9ask0QcYb25hRBg1cmrpy6n9Nn:3SDCzcYb25hR5mrpy6n9Nn
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy