gafgyt | efd0db7a43e94ad1039b077610e5a59c[.]bin | Triage

Sharing

Copy URL Twitter E-mail

General

Target

efd0db7a43e94ad1039b077610e5a59c.bin
Size

50KB
MD5

5e683cd2138211f81a775d3002443aef
SHA1

bc4d84af9c36b7f3b15acd0a4597ac4a4a127ec9
SHA256

fd3561647f153d2845e8a6e48b84a7e32b9fd94fd84ae097361d124d604e1dba
SHA512

3033f61851a255e275df6be0c17512ec4bf2e31e1c46e9f25b67adede105a64a38c598c0a532938f6a1266a7b97428f3e3da34dfe586120fa3910397bb4f8ee4
SSDEEP

1536:RIlOjGGQV52maxKx88vzolSZj8egkhfpXnO6:RIlOjrZxKx88SSZj8eVhfpXnz

Score

10^/10

upx gafgyt

Malware Config

Extracted

Family

gafgyt

C2

193.35.18.187:64599

Signatures

Detected Gafgyt variant 1 IoCs

resource	yara_rule
static1/unpack001/2e544bb0d0ec35280b25df0cc144c8642cfa81e26c9b5f2a95593b9e7509651f.elf	family_gafgyt

Gafgyt family
gafgyt

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
static1/unpack001/2e544bb0d0ec35280b25df0cc144c8642cfa81e26c9b5f2a95593b9e7509651f.elf	upx

Files

efd0db7a43e94ad1039b077610e5a59c.bin
.zip

Password: infected
2e544bb0d0ec35280b25df0cc144c8642cfa81e26c9b5f2a95593b9e7509651f.elf
.elf linux x64