gafgyt | 1d42ab039c8b595671b28dbbc829e97f91a84cc4d1696b137b03cfa1d94f5dae | Triage

Sharing

General

Target

fuckjewishpeople.x86.elf
Size

91KB
Sample

230426-jcykbsfg95
MD5

86af292c49e48e09367306b9d749085a
SHA1

31afbd2d8c8bd1dbdc0fadfd062cf58887feb5e7
SHA256

1d42ab039c8b595671b28dbbc829e97f91a84cc4d1696b137b03cfa1d94f5dae
SHA512

643098efb87cc9c89d61929028c94a2ea8306c44649245764b4aeb790836ee04e579d0bc9360c0e095811d14ecc65316c56ce1270959685d0bdbd3d47df127ff
SSDEEP

1536:p7rHXokXsWFVSzkfLEkZAT5ipG5v3PphauH/jPNlDDUg6I9um2Xj5YZb0e:pcCPOkfQfNipGdPphaE/JVog99um2XFY

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

157.245.158.246:4258

Targets

- Target
  
  fuckjewishpeople.x86.elf
- Size
  
  91KB
- MD5
  
  86af292c49e48e09367306b9d749085a
- SHA1
  
  31afbd2d8c8bd1dbdc0fadfd062cf58887feb5e7
- SHA256
  
  1d42ab039c8b595671b28dbbc829e97f91a84cc4d1696b137b03cfa1d94f5dae
- SHA512
  
  643098efb87cc9c89d61929028c94a2ea8306c44649245764b4aeb790836ee04e579d0bc9360c0e095811d14ecc65316c56ce1270959685d0bdbd3d47df127ff
- SSDEEP
  
  1536:p7rHXokXsWFVSzkfLEkZAT5ipG5v3PphauH/jPNlDDUg6I9um2Xj5YZb0e:pcCPOkfQfNipGdPphaE/JVog99um2XFY
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1