gafgyt | 9b2cce51922c3a2eb076034f5e4d94e0977a7228da4fa903fccfe759a00e6536 | Triage

Sharing

General

Target

9b2cce51922c3a2eb076034f5e4d94e0977a7228da4fa903fccfe759a00e6536.elf
Size

204KB
Sample

240213-dz6xbsgb5x
MD5

1dc8a9a7d6f79644c4a3d5446c266f36
SHA1

d2d86f0acd1e10dffc2466abff65d7c0683178b4
SHA256

9b2cce51922c3a2eb076034f5e4d94e0977a7228da4fa903fccfe759a00e6536
SHA512

c12f0cfa9ceac4dc8457a341577511a3450a504274d01778845088b25c291596aad937bfd862c0b624a156edb38422fa6da54b57cb12b2fa12140ac8fd0322da
SSDEEP

6144:FZzyacCwXJ4DbpW0vl5hbL6+uM/9Ocgym0wfB5RyAn:FZzyacCwXJ4gq5hbvf/dgym0mB5RyAn

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.95.169.103:2545

Targets

- Target
  
  9b2cce51922c3a2eb076034f5e4d94e0977a7228da4fa903fccfe759a00e6536.elf
- Size
  
  204KB
- MD5
  
  1dc8a9a7d6f79644c4a3d5446c266f36
- SHA1
  
  d2d86f0acd1e10dffc2466abff65d7c0683178b4
- SHA256
  
  9b2cce51922c3a2eb076034f5e4d94e0977a7228da4fa903fccfe759a00e6536
- SHA512
  
  c12f0cfa9ceac4dc8457a341577511a3450a504274d01778845088b25c291596aad937bfd862c0b624a156edb38422fa6da54b57cb12b2fa12140ac8fd0322da
- SSDEEP
  
  6144:FZzyacCwXJ4DbpW0vl5hbL6+uM/9Ocgym0wfB5RyAn:FZzyacCwXJ4gq5hbvf/dgym0mB5RyAn
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1