gafgyt | 4f914244b232460148b3196746b5c63af334b3b1aee01cecffcbc8ebc38b0616 | Triage

Sharing

General

Target

4f914244b232460148b3196746b5c63af334b3b1aee01cecffcbc8ebc38b0616.elf
Size

120KB
Sample

240213-c8jmqade55
MD5

6eebf1b6202d10d9ed0719557cea3879
SHA1

b0ca0e00383df6a2ee065ce28394a349b8127d83
SHA256

4f914244b232460148b3196746b5c63af334b3b1aee01cecffcbc8ebc38b0616
SHA512

ded5f9fe249b652d96b5eac41f0280ae53564fcccbddb33f81d07c7f5237178d2a800b5207e4afdad526933d61b074bdad78f7b66a8244fc0a06e85b64ae5219
SSDEEP

3072:SNhAfn3U8UXULUwUbUJ1hYlHRRDsBOnRg5hgkEemJC0OzQaGyPZk:SMf3ts05gehYlxO4Rg5hgEmJC0OzQaGN

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

45.95.169.103:2545

Targets

- Target
  
  4f914244b232460148b3196746b5c63af334b3b1aee01cecffcbc8ebc38b0616.elf
- Size
  
  120KB
- MD5
  
  6eebf1b6202d10d9ed0719557cea3879
- SHA1
  
  b0ca0e00383df6a2ee065ce28394a349b8127d83
- SHA256
  
  4f914244b232460148b3196746b5c63af334b3b1aee01cecffcbc8ebc38b0616
- SHA512
  
  ded5f9fe249b652d96b5eac41f0280ae53564fcccbddb33f81d07c7f5237178d2a800b5207e4afdad526933d61b074bdad78f7b66a8244fc0a06e85b64ae5219
- SSDEEP
  
  3072:SNhAfn3U8UXULUwUbUJ1hYlHRRDsBOnRg5hgkEemJC0OzQaGyPZk:SMf3ts05gehYlxO4Rg5hgEmJC0OzQaGN
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1