gafgyt | 71903d73a0c4916feb60ac9006f77dde6001a950f7516ac51ba5f0c9eedf7a12 | Triage

Sharing

General

Target

d6617f2014f5a3ff30bc172ee06421ad.bin
Size

40KB
Sample

231101-cs17tshb5s
MD5

013e216401390f6c7de34452904fda4b
SHA1

c5c1e06df6941703d45a03e46e826be578fc3773
SHA256

71903d73a0c4916feb60ac9006f77dde6001a950f7516ac51ba5f0c9eedf7a12
SHA512

ce57a2275e5938cd6a23f6428a06a02e7d87b49792125c55312eb74d724e4c2c78bfe9736df97fd15266bd19547d4361749617c94fe62f3c2edde5c95c7bf8a6
SSDEEP

768:p8kJ3oI5ZKsCwTxm53Am3/x9tVNeIcyFTKLsHmBYOs4nG7++s5WGdxkss5bxTzj:p86D5Jk53F5XV4I/FTNmlFnG7++ASBbt

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

178.218.146.89:839

Targets

- Target
  
  9f4f50fe4255223d4549ed03b747711103330295d2888e2ed6e7e19d0d68ea02.elf
- Size
  
  84KB
- MD5
  
  d6617f2014f5a3ff30bc172ee06421ad
- SHA1
  
  7e226765517cedbca56729353ec1de293a859be0
- SHA256
  
  9f4f50fe4255223d4549ed03b747711103330295d2888e2ed6e7e19d0d68ea02
- SHA512
  
  22561c17039093d56864dac91343138b7bdefd8654747951057452913c7dd508b205ee19266aeb3c2895958b15ab6edca2ab2a80df7691bf9d604d34274e402a
- SSDEEP
  
  1536:sQmab6bXPm8VjWWHT0im5t3ItTShKW6GLdUF5MI5Atpgw9UOGHfV+mLI2VOYjXUd:Oab6bXPm8VjWWHT0B5t4tcnBUF5MI5dW
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1