gafgyt | 1fcc576fe855dcab37699cc0fbd041648d3bb073a66495eceb078f1786146839 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b1119af9ab767942c6e84abd51030f16.elf
Size

112KB
Sample

240228-qcmldscc68
MD5

b1119af9ab767942c6e84abd51030f16
SHA1

cbf5a688bc409cf8b50c3308b94ed15478ccb1bd
SHA256

1fcc576fe855dcab37699cc0fbd041648d3bb073a66495eceb078f1786146839
SHA512

0b02342f853e66c9f7c4800966b54f1e792060c235feba2c9529fae64572c535a432693f7c67c7af2387836443c6c39dc3e4f4bce1dff7f8b9016273a1581adf
SSDEEP

3072:45aHleVtrWxIgIZY6DFl6534bmXQOY5sXvxN:45aHleVhZY6DFY5IbmXQOY5CvxN

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

143.198.50.169:999

Targets

- Target
  
  b1119af9ab767942c6e84abd51030f16.elf
- Size
  
  112KB
- MD5
  
  b1119af9ab767942c6e84abd51030f16
- SHA1
  
  cbf5a688bc409cf8b50c3308b94ed15478ccb1bd
- SHA256
  
  1fcc576fe855dcab37699cc0fbd041648d3bb073a66495eceb078f1786146839
- SHA512
  
  0b02342f853e66c9f7c4800966b54f1e792060c235feba2c9529fae64572c535a432693f7c67c7af2387836443c6c39dc3e4f4bce1dff7f8b9016273a1581adf
- SSDEEP
  
  3072:45aHleVtrWxIgIZY6DFl6534bmXQOY5sXvxN:45aHleVhZY6DFY5IbmXQOY5CvxN
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1