gafgyt | 9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7 | Triage

Sharing

General

Target

cf068be65e5cde6c25feb311671b0f30.elf
Size

112KB
Sample

230402-sjfsjaac7s
MD5

cf068be65e5cde6c25feb311671b0f30
SHA1

2cd3dbfd02f0964e589050c8ce5df06c2eb5dbf3
SHA256

9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7
SHA512

f7bac552eb96984669ee1e82bc8a978e6ca3ac7366c4664ae36c0a71eed03e72b427b19197cad635104e4fec6c27a29611380ee0a4d1fce77c028cc3f89b1dc3
SSDEEP

3072:Ld5aPO2ONvarAJy9n5h/8KkGdAQvkbmOQUJ1UXpTn:Z5aPO7s9n5h/8KL2QcbmOQUJ1apTn

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

43.153.37.45:707

Targets

- Target
  
  cf068be65e5cde6c25feb311671b0f30.elf
- Size
  
  112KB
- MD5
  
  cf068be65e5cde6c25feb311671b0f30
- SHA1
  
  2cd3dbfd02f0964e589050c8ce5df06c2eb5dbf3
- SHA256
  
  9702dc811c05ceb5a80b465c966ab392dde2bf6442f59b8dddf1b5106577b1c7
- SHA512
  
  f7bac552eb96984669ee1e82bc8a978e6ca3ac7366c4664ae36c0a71eed03e72b427b19197cad635104e4fec6c27a29611380ee0a4d1fce77c028cc3f89b1dc3
- SSDEEP
  
  3072:Ld5aPO2ONvarAJy9n5h/8KkGdAQvkbmOQUJ1UXpTn:Z5aPO7s9n5h/8KL2QcbmOQUJ1apTn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1