gafgyt | 70f9c0545732465026eac84e18d3e903682430ea39b2edcc58085e9293a50621 | Triage

Sharing

General

Target

dbfe4b7526377f71e0901b31420bbe70.elf
Size

110KB
Sample

230404-f1ewcaeh31
MD5

dbfe4b7526377f71e0901b31420bbe70
SHA1

c0ec87cc13bb043cacb62bda6ab293560bded2f5
SHA256

70f9c0545732465026eac84e18d3e903682430ea39b2edcc58085e9293a50621
SHA512

f8e9cf80b927c7f0e69bfc2353886be6d712e5ff375f9e1f81441a86c3b27ae2c3a0cc50bb799e354f6da2f71dc2b99acc41b36f92f3f2dbc08f84a5582c7557
SSDEEP

3072:R/4tNF9U4vvKKw6J73x8UmkiSFxfKxbXe:BUNFK+K8T8UmkiSFxfKxbXe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.225.74.67:839

Targets

- Target
  
  dbfe4b7526377f71e0901b31420bbe70.elf
- Size
  
  110KB
- MD5
  
  dbfe4b7526377f71e0901b31420bbe70
- SHA1
  
  c0ec87cc13bb043cacb62bda6ab293560bded2f5
- SHA256
  
  70f9c0545732465026eac84e18d3e903682430ea39b2edcc58085e9293a50621
- SHA512
  
  f8e9cf80b927c7f0e69bfc2353886be6d712e5ff375f9e1f81441a86c3b27ae2c3a0cc50bb799e354f6da2f71dc2b99acc41b36f92f3f2dbc08f84a5582c7557
- SSDEEP
  
  3072:R/4tNF9U4vvKKw6J73x8UmkiSFxfKxbXe:BUNFK+K8T8UmkiSFxfKxbXe
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1