gafgyt | e1dd59a6f7ee428ba4a8d40599ac66fd78b91e9b4317c86ac12cea203e737027 | Triage

Submit
Reports

Overview

overview

Static

static

9cd54d4678...4d.elf

debian-9-mipsel

6

Sharing

General

Target

9cd54d46782149cf01f8f5a224a3804d.elf
Size

183KB
Sample

240705-hzym6sxalf
MD5

9cd54d46782149cf01f8f5a224a3804d
SHA1

b8e5e56bbf9aac08e573e37892d166cafc4bd5ab
SHA256

e1dd59a6f7ee428ba4a8d40599ac66fd78b91e9b4317c86ac12cea203e737027
SHA512

40a57e50e993c8b18970a99129c90e4f39e643bc8e92f6526062664a614af701b8535232030fd717f7cdd0903045e1fb7072ef0c36c1e132cd6088cd0001ef16
SSDEEP

3072:COF7bGC6Cv9RDV5hq01ZQhmv8uqx1BVnKoe:CMKWVFV5hqBhmv8uqx1BVnKoe

Score

10^/10

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9cd54d46782149cf01f8f5a224a3804d.elf

Resource

debian9-mipsel-20240611-en

debian-9-mipsel

2 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.106:4444

Targets

- Target
  
  9cd54d46782149cf01f8f5a224a3804d.elf
- Size
  
  183KB
- MD5
  
  9cd54d46782149cf01f8f5a224a3804d
- SHA1
  
  b8e5e56bbf9aac08e573e37892d166cafc4bd5ab
- SHA256
  
  e1dd59a6f7ee428ba4a8d40599ac66fd78b91e9b4317c86ac12cea203e737027
- SHA512
  
  40a57e50e993c8b18970a99129c90e4f39e643bc8e92f6526062664a614af701b8535232030fd717f7cdd0903045e1fb7072ef0c36c1e132cd6088cd0001ef16
- SSDEEP
  
  3072:COF7bGC6Cv9RDV5hq01ZQhmv8uqx1BVnKoe:CMKWVFV5hqBhmv8uqx1BVnKoe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy