gafgyt | bc115d1d699a603126e831813eb5204bca6749610f381f1273ad00f925f6d009 | Triage

Sharing

General

Target

f45dc498c9350e739806eb6ac395f3c7.elf
Size

108KB
Sample

230408-3nvscsfh23
MD5

f45dc498c9350e739806eb6ac395f3c7
SHA1

f5dd82204f46f2cd9e00b99f9c88031300f4be81
SHA256

bc115d1d699a603126e831813eb5204bca6749610f381f1273ad00f925f6d009
SHA512

78ae985dbde6f9360653823c8e718d2823ee5493fd2ae6e28def03f09a0eeb97510ab751bcb55a4c720903e91b4f880fc621dccc1d96b28dc5890c02c40f0d91
SSDEEP

3072:xbb5LatrDOa8YDOZ8Gvmpr5womiQ9WtX9+a:xbb5mDOauZ8GcwomiQ9Wx9+a

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

104.193.255.117:1234

Targets

- Target
  
  f45dc498c9350e739806eb6ac395f3c7.elf
- Size
  
  108KB
- MD5
  
  f45dc498c9350e739806eb6ac395f3c7
- SHA1
  
  f5dd82204f46f2cd9e00b99f9c88031300f4be81
- SHA256
  
  bc115d1d699a603126e831813eb5204bca6749610f381f1273ad00f925f6d009
- SHA512
  
  78ae985dbde6f9360653823c8e718d2823ee5493fd2ae6e28def03f09a0eeb97510ab751bcb55a4c720903e91b4f880fc621dccc1d96b28dc5890c02c40f0d91
- SSDEEP
  
  3072:xbb5LatrDOa8YDOZ8Gvmpr5womiQ9WtX9+a:xbb5mDOauZ8GcwomiQ9Wx9+a
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1