gafgyt | 953d0ec2cbdcab645fdf93b1f9a7173be3f84f7f0a30220fb2bae85430ca1f3c | Triage

Sharing

General

Target

3832a7cfc035c66d84614505865e6041.bin
Size

42KB
Sample

230404-blvk2acb28
MD5

c05e10fdfa23ac0fd4b908d73d0d58ff
SHA1

9189b1ecd959ea814a597d4088683ea85fbc50f2
SHA256

953d0ec2cbdcab645fdf93b1f9a7173be3f84f7f0a30220fb2bae85430ca1f3c
SHA512

0ce5c7de3bc80a247bbb7bfc8ac0034ea7484090aea69a70e1d4b2076924ceb7179c6a0d80fa0785121aa3915ed67cbd029736b3c5fb6fb381e016826040ef3d
SSDEEP

768:lTBle3uP8QuoPORblq2Oln8xOGANLc4DAa/7nXZ5d64On0X1mWF437wxWL8zhSAi:9nruUORbI2KnQQDAonJZOnw1Lfgu0l

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

43.153.37.45:707

Targets

- Target
  
  d2efc40937befc168f8d8c4c985a3375184c6c8db577cb926e51cd00243499e5.elf
- Size
  
  111KB
- MD5
  
  3832a7cfc035c66d84614505865e6041
- SHA1
  
  d2ee5ae8f9e75a83cd03f5fb4fed5cb0e3fb79c8
- SHA256
  
  d2efc40937befc168f8d8c4c985a3375184c6c8db577cb926e51cd00243499e5
- SHA512
  
  55404818af96c0fa412f532cdd498fa93e26991e173ba2531f96d5ef56d343c75346ad32e9735532e4f678fbabc7f7e301b39fe3094232dd25586ed226687c06
- SSDEEP
  
  3072:ZdfnOgVToszag5hVT+tDBxmkizF9GhsRiAe:Zd/TTXmg5hVytDBxmkizF9GhsRiAe
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1