gafgyt | 327baca96bc6775c0a757af2e175554a7edb2162d451a020df5bcb60ae8e350e | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81d6b2fa373ce55146a6e51ca0b9c8fc.elf
Size

85KB
Sample

230521-s37eladg2z
MD5

81d6b2fa373ce55146a6e51ca0b9c8fc
SHA1

084989e27829a6e81b55c1bacd0a5cc8c9ae478f
SHA256

327baca96bc6775c0a757af2e175554a7edb2162d451a020df5bcb60ae8e350e
SHA512

5efa9a4ea9e582ee3ba1365cf0cd25edd09c64b1eb818d6026710b20bd68e293e418287db3b58c915be483deb7161460002191b72be4c29a20cc9095b12a32c3
SSDEEP

1536:L3oLQ5TCzSVYERb1aGy8gwi5veMbBZzp6+m5CsNFPVYLf0:D8Q5Tv+U5aH8VkWMfp7mwsN1VYLf0

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

194.180.48.30:666

Targets

- Target
  
  81d6b2fa373ce55146a6e51ca0b9c8fc.elf
- Size
  
  85KB
- MD5
  
  81d6b2fa373ce55146a6e51ca0b9c8fc
- SHA1
  
  084989e27829a6e81b55c1bacd0a5cc8c9ae478f
- SHA256
  
  327baca96bc6775c0a757af2e175554a7edb2162d451a020df5bcb60ae8e350e
- SHA512
  
  5efa9a4ea9e582ee3ba1365cf0cd25edd09c64b1eb818d6026710b20bd68e293e418287db3b58c915be483deb7161460002191b72be4c29a20cc9095b12a32c3
- SSDEEP
  
  1536:L3oLQ5TCzSVYERb1aGy8gwi5veMbBZzp6+m5CsNFPVYLf0:D8Q5Tv+U5aH8VkWMfp7mwsN1VYLf0
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1