gafgyt | 3085861c639af595be1b5f77e69805c60319e89bcc4f5ee65fd951da02b80b4d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

402e5057fa2d13e79e8e62eb7dd72282.elf
Size

168KB
Sample

230526-g5224seg2x
MD5

402e5057fa2d13e79e8e62eb7dd72282
SHA1

e17bfd407732a711ffdd23ad1aa2893fa3c68249
SHA256

3085861c639af595be1b5f77e69805c60319e89bcc4f5ee65fd951da02b80b4d
SHA512

d756da88356357713bd260f9f4d0db28ad06ea171e211ebdce8e47b94613c992a9067dc96c3098deda9f53456cfd63b868549595fbb585fc64f204804378117d
SSDEEP

3072:6zS45xoVVqweigXiMagGSEfGprYkNelletJ8add9QzhsOXmmqqqBmyUQ0LKXDmZ:uX7ahS3GkNqetJ8addQjXmhBmyUQ0L8m

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

193.200.16.112:415

Targets

- Target
  
  402e5057fa2d13e79e8e62eb7dd72282.elf
- Size
  
  168KB
- MD5
  
  402e5057fa2d13e79e8e62eb7dd72282
- SHA1
  
  e17bfd407732a711ffdd23ad1aa2893fa3c68249
- SHA256
  
  3085861c639af595be1b5f77e69805c60319e89bcc4f5ee65fd951da02b80b4d
- SHA512
  
  d756da88356357713bd260f9f4d0db28ad06ea171e211ebdce8e47b94613c992a9067dc96c3098deda9f53456cfd63b868549595fbb585fc64f204804378117d
- SSDEEP
  
  3072:6zS45xoVVqweigXiMagGSEfGprYkNelletJ8add9QzhsOXmmqqqBmyUQ0LKXDmZ:uX7ahS3GkNqetJ8addQjXmhBmyUQ0L8m
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1