gafgyt | f5d43378d020c27bfeea69b3b163f2d341237dfe3b26f34864b0b1d54e518922 | Triage

Sharing

General

Target

436f9295d0c0b800c3024eacc373a488.elf
Size

133KB
Sample

230403-ycymnagg62
MD5

436f9295d0c0b800c3024eacc373a488
SHA1

7ed89d0b5eace657232595649118951ddd3895c2
SHA256

f5d43378d020c27bfeea69b3b163f2d341237dfe3b26f34864b0b1d54e518922
SHA512

9e95a1f82a8a4f165c85d5eee7bcb9bd4728848e290af6a469055c2cbd8bde86da8ccac9cad970fb0bc36dfcd71fa831ce0cd3ba561a9ac243f97c847e13ff87
SSDEEP

3072:/ZqFo8x61DDko8x61DDBKrQMAEsjj6zbM5vGaVCJ23K3MbHry6celYTgAfZHXPh6:QdtcI5prmW+IFB16t1hJ/

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.225.73.130:667

Targets

- Target
  
  436f9295d0c0b800c3024eacc373a488.elf
- Size
  
  133KB
- MD5
  
  436f9295d0c0b800c3024eacc373a488
- SHA1
  
  7ed89d0b5eace657232595649118951ddd3895c2
- SHA256
  
  f5d43378d020c27bfeea69b3b163f2d341237dfe3b26f34864b0b1d54e518922
- SHA512
  
  9e95a1f82a8a4f165c85d5eee7bcb9bd4728848e290af6a469055c2cbd8bde86da8ccac9cad970fb0bc36dfcd71fa831ce0cd3ba561a9ac243f97c847e13ff87
- SSDEEP
  
  3072:/ZqFo8x61DDko8x61DDBKrQMAEsjj6zbM5vGaVCJ23K3MbHry6celYTgAfZHXPh6:QdtcI5prmW+IFB16t1hJ/
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1