gafgyt | 70ca6723c9c4839a64a8335eb282ea84ea044ea25ac4ca2aaedd97b749d96ec6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70ca6723c9c4839a64a8335eb282ea84ea044ea25ac4ca2aaedd97b749d96ec6.elf
Size

152KB
Sample

240213-dgn9kadd2y
MD5

66bff2cd6277fd8ecba5ddc2d0e13b36
SHA1

ab4eca7ec206deb2e006c1861c1df25fb5678074
SHA256

70ca6723c9c4839a64a8335eb282ea84ea044ea25ac4ca2aaedd97b749d96ec6
SHA512

58517239e5fdb2ead38b3b4e5c32d0de8e31c05c258c5b993418ce423f2a89385d8a39bb22d9fc70a315316a640a9757122ee2883f8e72b711045a52fda41efd
SSDEEP

3072:Oh8pDxLxO0PXW8/2lMq9+5hBke+84FmzZQQAhtRq6AAe:lm8/2l9+5hBkeWFmzZQQAhtRq6AAe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.95.169.103:2545

Targets

- Target
  
  70ca6723c9c4839a64a8335eb282ea84ea044ea25ac4ca2aaedd97b749d96ec6.elf
- Size
  
  152KB
- MD5
  
  66bff2cd6277fd8ecba5ddc2d0e13b36
- SHA1
  
  ab4eca7ec206deb2e006c1861c1df25fb5678074
- SHA256
  
  70ca6723c9c4839a64a8335eb282ea84ea044ea25ac4ca2aaedd97b749d96ec6
- SHA512
  
  58517239e5fdb2ead38b3b4e5c32d0de8e31c05c258c5b993418ce423f2a89385d8a39bb22d9fc70a315316a640a9757122ee2883f8e72b711045a52fda41efd
- SSDEEP
  
  3072:Oh8pDxLxO0PXW8/2lMq9+5hBke+84FmzZQQAhtRq6AAe:lm8/2l9+5hBkeWFmzZQQAhtRq6AAe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1