gafgyt | 558adcf2b57529ac63439fde2377fd209556ede0eb9cdddb437d61423849f368 | Triage

Sharing

General

Target

98319997382c2cf32a958009a43a18a0.elf
Size

146KB
Sample

230416-qg9aysbh6w
MD5

98319997382c2cf32a958009a43a18a0
SHA1

d7aad38ea45a5e1cfa34837a1e33e076f5cab812
SHA256

558adcf2b57529ac63439fde2377fd209556ede0eb9cdddb437d61423849f368
SHA512

515e0aa236540fc3f984a771c5ed515d52f87885d0cefe8f0d1dc9beb81281c93345cc2dddced2b6bb93ec5e5b4bea482509c4aa3a62b08726ada4dcc3e0862f
SSDEEP

3072:ut8iFDKEfFN+Fa+1sWmh7a8oXV7pUMbmQwfCMQiGW:s8iFDLf/+FaNDh7a8oXV7p5mQwfCDiGW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.137.206.188:666

Targets

- Target
  
  98319997382c2cf32a958009a43a18a0.elf
- Size
  
  146KB
- MD5
  
  98319997382c2cf32a958009a43a18a0
- SHA1
  
  d7aad38ea45a5e1cfa34837a1e33e076f5cab812
- SHA256
  
  558adcf2b57529ac63439fde2377fd209556ede0eb9cdddb437d61423849f368
- SHA512
  
  515e0aa236540fc3f984a771c5ed515d52f87885d0cefe8f0d1dc9beb81281c93345cc2dddced2b6bb93ec5e5b4bea482509c4aa3a62b08726ada4dcc3e0862f
- SSDEEP
  
  3072:ut8iFDKEfFN+Fa+1sWmh7a8oXV7pUMbmQwfCMQiGW:s8iFDLf/+FaNDh7a8oXV7p5mQwfCDiGW
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1