gafgyt | c6dd4c295dd00256b4c00135b9a5f2f7cb8bb01040862bfc7e5afa8a1beaf77f | Triage

Sharing

General

Target

9a65548460238d043597ad6f1070e5b2.elf
Size

118KB
Sample

230426-p3gmdshd42
MD5

9a65548460238d043597ad6f1070e5b2
SHA1

07bd6a6db10e039c6b30c7c8958fdf763991cdc9
SHA256

c6dd4c295dd00256b4c00135b9a5f2f7cb8bb01040862bfc7e5afa8a1beaf77f
SHA512

6d58b349711f9db43c668b1872c332ef711c4163ca1866b1bd8e121075a19d050534be696a0d26758643dd6c2bb5aa5e6fa96beafe70764bf0d0f2ff10f90f9d
SSDEEP

3072:WkYP4WY4noL8xOa4/F3BfDIMF8+mTQOY5NX3cn:lYP4WY4gIOakBfDe+mTQOY5R3cn

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

77.91.122.37:23

Targets

- Target
  
  9a65548460238d043597ad6f1070e5b2.elf
- Size
  
  118KB
- MD5
  
  9a65548460238d043597ad6f1070e5b2
- SHA1
  
  07bd6a6db10e039c6b30c7c8958fdf763991cdc9
- SHA256
  
  c6dd4c295dd00256b4c00135b9a5f2f7cb8bb01040862bfc7e5afa8a1beaf77f
- SHA512
  
  6d58b349711f9db43c668b1872c332ef711c4163ca1866b1bd8e121075a19d050534be696a0d26758643dd6c2bb5aa5e6fa96beafe70764bf0d0f2ff10f90f9d
- SSDEEP
  
  3072:WkYP4WY4noL8xOa4/F3BfDIMF8+mTQOY5NX3cn:lYP4WY4gIOakBfDe+mTQOY5R3cn
Score

7^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1