gafgyt | 45b18df80235f8ea55ec98b9b4bdd90cffaa1100b0edce53fc5d459503c84103 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

45b18df80235f8ea55ec98b9b4bdd90cffaa1100b0edce53fc5d459503c84103.elf
Size

97KB
Sample

240222-gh87xadd22
MD5

2611fbe30031ce4c73422e2368f01c04
SHA1

3ebb439ab39adbe70182be55e18cf4389205801b
SHA256

45b18df80235f8ea55ec98b9b4bdd90cffaa1100b0edce53fc5d459503c84103
SHA512

3789a3034da6315ddd05a54a40b286a1838a2ebc8fcfb9c389095ecbc108f14df360e32bffa49c76cbee13c8fb5fb7117db2211e4b8e44f7e9236b0854414caa
SSDEEP

3072:WzmqjPQP39VjGWX98732V7kGyNV95hDTE7FXnf0OzTyoQQub:WpQP39VjGWXW9NV95h/mFXnf0OzTyoQ7

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

103.82.20.7:42516

Targets

- Target
  
  45b18df80235f8ea55ec98b9b4bdd90cffaa1100b0edce53fc5d459503c84103.elf
- Size
  
  97KB
- MD5
  
  2611fbe30031ce4c73422e2368f01c04
- SHA1
  
  3ebb439ab39adbe70182be55e18cf4389205801b
- SHA256
  
  45b18df80235f8ea55ec98b9b4bdd90cffaa1100b0edce53fc5d459503c84103
- SHA512
  
  3789a3034da6315ddd05a54a40b286a1838a2ebc8fcfb9c389095ecbc108f14df360e32bffa49c76cbee13c8fb5fb7117db2211e4b8e44f7e9236b0854414caa
- SSDEEP
  
  3072:WzmqjPQP39VjGWX98732V7kGyNV95hDTE7FXnf0OzTyoQQub:WpQP39VjGWXW9NV95h/mFXnf0OzTyoQ7
Score

7^/10
- Changes its process name
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1