gafgyt | 252ce98f6a78beff46f1b7326b7a48328e082347b0806a8de3e159e741d0ec9f | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3df0019a19de826cb82dbe55c5564c81.bin
Size

38KB
Sample

231116-bxlr9sgb5y
MD5

913cad22b0ca5bae7fa961c776fa3e97
SHA1

c388b53cc6e0a662c31e2910caf7892134035a40
SHA256

252ce98f6a78beff46f1b7326b7a48328e082347b0806a8de3e159e741d0ec9f
SHA512

d209a1254a1bdbe9e7a60930226c132ba5acb8f4ac0257bdae7d5bef22986909a22bb236dea8a705545af4b78bd1bd668e4242cf7803d88cfc2282afc9978a9d
SSDEEP

768:tBGAQndNptCKB78M8ztNzjfcdJv0Z4gc2u77pwojcPKq+TRXrqS:tBqdNptCc7QtNPfcdJvm7u77prYSqiXh

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

103.29.2.134:12345

Targets

- Target
  
  eac009df353d224b3a564310e10e1aea77e0cb8806e56ec0c8dbe84a3af4747e.elf
- Size
  
  83KB
- MD5
  
  3df0019a19de826cb82dbe55c5564c81
- SHA1
  
  2fd974c5d0124ab973f1e88972813cf74ee911b3
- SHA256
  
  eac009df353d224b3a564310e10e1aea77e0cb8806e56ec0c8dbe84a3af4747e
- SHA512
  
  3dc9106704d2a2797d23cfe67e46a6ba6aaa7da680d689463bdd6ff181f4b18f5b55f37b257c56ebb77fd0d71d3429aa480cc4de6229a81d4305b374caa4bda2
- SSDEEP
  
  1536:W35b9Vc4N3J6lreu5r4hWj8LnWDloRmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0Yz2oRmEwVOz+ucfW7k
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1