gafgyt | 33acc467ac6dc3146a1b8e701fa3d4d295da9d3f567392374b19bb2ced41fe32 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

22b74c27cb634187320f4ffb5eeaa5ae.elf
Size

123KB
Sample

230418-lbxbzsaf26
MD5

22b74c27cb634187320f4ffb5eeaa5ae
SHA1

9c41d3d09dc5a3426775e95b62243fe81d209686
SHA256

33acc467ac6dc3146a1b8e701fa3d4d295da9d3f567392374b19bb2ced41fe32
SHA512

5b76c9b23936a175df93bb644f79f00562aca7d2bcfd2bedaa133972e50408ad966214c4c865024e5e41bd01fdcbf55e5d27a913fbdd1347211e4145e1cc9d7e
SSDEEP

1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Eps+DzUh8rmW+IFB1Df11hR/:/UyLqAmgMJM8EO+Dw8rmW+IFB1Dt1hR/

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.236.228.145:23

Targets

- Target
  
  22b74c27cb634187320f4ffb5eeaa5ae.elf
- Size
  
  123KB
- MD5
  
  22b74c27cb634187320f4ffb5eeaa5ae
- SHA1
  
  9c41d3d09dc5a3426775e95b62243fe81d209686
- SHA256
  
  33acc467ac6dc3146a1b8e701fa3d4d295da9d3f567392374b19bb2ced41fe32
- SHA512
  
  5b76c9b23936a175df93bb644f79f00562aca7d2bcfd2bedaa133972e50408ad966214c4c865024e5e41bd01fdcbf55e5d27a913fbdd1347211e4145e1cc9d7e
- SSDEEP
  
  1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Eps+DzUh8rmW+IFB1Df11hR/:/UyLqAmgMJM8EO+Dw8rmW+IFB1Dt1hR/
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1