gafgyt | 4fe06ec5d2238d57ddb7d7f55e33b2f81105d0c799e2f997a68db35db6e85b02 | Triage

Sharing

General

Target

4fe06ec5d2238d57ddb7d7f55e33b2f81105d0c799e2f997a68db35db6e85b02.elf
Size

75KB
Sample

240229-f4melafc74
MD5

9a9459432edfadd123ae1eafd2642bbf
SHA1

30df9a0b1d6dd6afdfc291f60652a0d5f6d7cad1
SHA256

4fe06ec5d2238d57ddb7d7f55e33b2f81105d0c799e2f997a68db35db6e85b02
SHA512

57fd070af7143f6bab1918a28f47870f05efb204d7d7a1bbc4c9972f3efd078678c980b4303dc4071197293e00fba1f4be2a4f5ae4c08d0b36bfd5ce1781c08d
SSDEEP

1536:9JMgD+pOW+6miDIrUnf1gTqjx6dWk6J8jmLI6VOz+jXUfWQS:AgD+hb/IrUnNg29pYjmU6VOz+bUfWQS

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

143.198.50.169:999

Targets

- Target
  
  4fe06ec5d2238d57ddb7d7f55e33b2f81105d0c799e2f997a68db35db6e85b02.elf
- Size
  
  75KB
- MD5
  
  9a9459432edfadd123ae1eafd2642bbf
- SHA1
  
  30df9a0b1d6dd6afdfc291f60652a0d5f6d7cad1
- SHA256
  
  4fe06ec5d2238d57ddb7d7f55e33b2f81105d0c799e2f997a68db35db6e85b02
- SHA512
  
  57fd070af7143f6bab1918a28f47870f05efb204d7d7a1bbc4c9972f3efd078678c980b4303dc4071197293e00fba1f4be2a4f5ae4c08d0b36bfd5ce1781c08d
- SSDEEP
  
  1536:9JMgD+pOW+6miDIrUnf1gTqjx6dWk6J8jmLI6VOz+jXUfWQS:AgD+hb/IrUnNg29pYjmU6VOz+bUfWQS
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1