gafgyt | dca18f9838c8d5ba9f3ca29d0405c47a90a91850449d331f2c36ea322a2712f6 | Triage

Sharing

General

Target

45c91aff6a07ab7a90666be54a0e719a.elf
Size

89KB
Sample

230402-sj2p1agh88
MD5

45c91aff6a07ab7a90666be54a0e719a
SHA1

989850e72d3771a38a4270b0354e5c794465971c
SHA256

dca18f9838c8d5ba9f3ca29d0405c47a90a91850449d331f2c36ea322a2712f6
SHA512

ff3ba45d369e0d375c38d61500f70cc249bdada634faf51ef40f8edeb38c7cbeda6d5ba50d0835d679fdddced233604de7126899dde84689502d7525362e1455
SSDEEP

1536:s7WRz6TH6/8dvRuTQ/cPTiFnKS31phaBvn007emoI5um2Xj5YZA0e:iRHpdv4TJrinKO1phaBvn00ymr5um2Xx

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

43.153.37.45:707

Targets

- Target
  
  45c91aff6a07ab7a90666be54a0e719a.elf
- Size
  
  89KB
- MD5
  
  45c91aff6a07ab7a90666be54a0e719a
- SHA1
  
  989850e72d3771a38a4270b0354e5c794465971c
- SHA256
  
  dca18f9838c8d5ba9f3ca29d0405c47a90a91850449d331f2c36ea322a2712f6
- SHA512
  
  ff3ba45d369e0d375c38d61500f70cc249bdada634faf51ef40f8edeb38c7cbeda6d5ba50d0835d679fdddced233604de7126899dde84689502d7525362e1455
- SSDEEP
  
  1536:s7WRz6TH6/8dvRuTQ/cPTiFnKS31phaBvn007emoI5um2Xj5YZA0e:iRHpdv4TJrinKO1phaBvn00ymr5um2Xx
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1