gafgyt | 02fd3bd36fdab2445b8b8f37f47892b7f0600141fdf4a769f57d79a1bb700100 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x-8.6-.Shenron.elf
Size

92KB
Sample

231003-m5nsdaaa8w
MD5

4cbc8acfdcddf7ca309e1399cb8497c5
SHA1

b7ee49f2778b8fa8f27e3b98d2e58b9b06c9df1e
SHA256

02fd3bd36fdab2445b8b8f37f47892b7f0600141fdf4a769f57d79a1bb700100
SHA512

100acf1277ca2a243c7149a797cd153c13152925b4f3696a714ca49919844ea70c9210de860a9ff6e956b28c9e3695a6a9cec446f629a4c55c935a6fe92a1542
SSDEEP

1536:W7uJtxMVEOVbazlvhE1hmkJ0S36W6bWjK33EtukmA+KWOXFseaZYxe:4SMVEOVMlpmXJ0O6WpjKHEvm/KWOXF7Y

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

5.181.80.86:666

Targets

- Target
  
  x-8.6-.Shenron.elf
- Size
  
  92KB
- MD5
  
  4cbc8acfdcddf7ca309e1399cb8497c5
- SHA1
  
  b7ee49f2778b8fa8f27e3b98d2e58b9b06c9df1e
- SHA256
  
  02fd3bd36fdab2445b8b8f37f47892b7f0600141fdf4a769f57d79a1bb700100
- SHA512
  
  100acf1277ca2a243c7149a797cd153c13152925b4f3696a714ca49919844ea70c9210de860a9ff6e956b28c9e3695a6a9cec446f629a4c55c935a6fe92a1542
- SSDEEP
  
  1536:W7uJtxMVEOVbazlvhE1hmkJ0S36W6bWjK33EtukmA+KWOXFseaZYxe:4SMVEOVMlpmXJ0O6WpjKHEvm/KWOXF7Y
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1