gafgyt | 47bee2e3d9bc2c9e8e7b162e20896d15f295d095438dd4bae89efbd9fabef977 | Triage

Sharing

General

Target

x-8.6-.Hellfire.elf
Size

102KB
Sample

230403-xkrzeaac9z
MD5

c2bd76e251e8bb0c23aeaddc29cc9009
SHA1

ae90fc5754e5c2913bbab2e57948fb91163de6ae
SHA256

47bee2e3d9bc2c9e8e7b162e20896d15f295d095438dd4bae89efbd9fabef977
SHA512

5ecb7864ea4b7d24fc624a0f8d11f41600358489f830c384f0e0bce095eb12da6f1bca74a53aec82f1e2fbe72cca2ecab8783dfca44b03cf47e2858fcd61714f
SSDEEP

3072:Nkzqmj28SfJ4NLLBDtCJSgDoGum/KWOXA7aZYpe:18SfJ4VxADoGum/KWOXA7aZYpe

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

185.225.73.130:667

Targets

- Target
  
  x-8.6-.Hellfire.elf
- Size
  
  102KB
- MD5
  
  c2bd76e251e8bb0c23aeaddc29cc9009
- SHA1
  
  ae90fc5754e5c2913bbab2e57948fb91163de6ae
- SHA256
  
  47bee2e3d9bc2c9e8e7b162e20896d15f295d095438dd4bae89efbd9fabef977
- SHA512
  
  5ecb7864ea4b7d24fc624a0f8d11f41600358489f830c384f0e0bce095eb12da6f1bca74a53aec82f1e2fbe72cca2ecab8783dfca44b03cf47e2858fcd61714f
- SSDEEP
  
  3072:Nkzqmj28SfJ4NLLBDtCJSgDoGum/KWOXA7aZYpe:18SfJ4VxADoGum/KWOXA7aZYpe
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1