gafgyt | 6c354a3a7e59feb0a3450e9f9a7816d7d4fdc2cd9ea768467c60c64e3adb0ad5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f0af1ddc7bea5763faa7a9f73e05ec98.elf
Size

113KB
Sample

230416-qgm3qabh6t
MD5

f0af1ddc7bea5763faa7a9f73e05ec98
SHA1

8e33391c07c980b441f26dc3f40aed0f6e4940cd
SHA256

6c354a3a7e59feb0a3450e9f9a7816d7d4fdc2cd9ea768467c60c64e3adb0ad5
SHA512

5fbd6de20b653c64c4c3f1c72dfdf7832935e8eef508fd856006ae661b08031327bb05dd972716284e64fde529deb332730899ed98cce7b7d185f33c2ca90082
SSDEEP

1536:Tgz/qzNLW/fMiZIX98U0I/QwErQNOR5hVwbfKdwwjF9GhCPR1Ae:Tgz/5f5g8utgl5hVwjKdwwjF9GhsR1Ae

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

41.216.182.214:4258

Targets

- Target
  
  f0af1ddc7bea5763faa7a9f73e05ec98.elf
- Size
  
  113KB
- MD5
  
  f0af1ddc7bea5763faa7a9f73e05ec98
- SHA1
  
  8e33391c07c980b441f26dc3f40aed0f6e4940cd
- SHA256
  
  6c354a3a7e59feb0a3450e9f9a7816d7d4fdc2cd9ea768467c60c64e3adb0ad5
- SHA512
  
  5fbd6de20b653c64c4c3f1c72dfdf7832935e8eef508fd856006ae661b08031327bb05dd972716284e64fde529deb332730899ed98cce7b7d185f33c2ca90082
- SSDEEP
  
  1536:Tgz/qzNLW/fMiZIX98U0I/QwErQNOR5hVwbfKdwwjF9GhCPR1Ae:Tgz/5f5g8utgl5hVwjKdwwjF9GhsR1Ae
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1