gafgyt | 2eec07cfa7693677249c2c2d7ff1e11659b668389379d39f3e47a71ea2470365 | Triage

Sharing

General

Target

2eec07cfa7693677249c2c2d7ff1e11659b668389379d39f3e47a71ea2470365.elf
Size

109KB
Sample

240309-chynysbe58
MD5

f1852b42216bfe122a6cbf995ec5f600
SHA1

4acad887916b48b936d4e8c8a7f95f42190f2503
SHA256

2eec07cfa7693677249c2c2d7ff1e11659b668389379d39f3e47a71ea2470365
SHA512

33b88748dc6374cb47bdb049b4db715d9c480d6be69f8076e865b85563ec216227e1963a41e72e914a79d0445d932d513b62cbfea8fd4037e97d05ee91d2859c
SSDEEP

3072:NF2ndCa9qRBFZm4z1EYfcbJuphaFsfDJv03CKPCNVOXinYuM8R:4MVm4z6Yg0phaFI9cFPCNVOXinYuM8R

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

103.153.69.114:42516

Targets

- Target
  
  2eec07cfa7693677249c2c2d7ff1e11659b668389379d39f3e47a71ea2470365.elf
- Size
  
  109KB
- MD5
  
  f1852b42216bfe122a6cbf995ec5f600
- SHA1
  
  4acad887916b48b936d4e8c8a7f95f42190f2503
- SHA256
  
  2eec07cfa7693677249c2c2d7ff1e11659b668389379d39f3e47a71ea2470365
- SHA512
  
  33b88748dc6374cb47bdb049b4db715d9c480d6be69f8076e865b85563ec216227e1963a41e72e914a79d0445d932d513b62cbfea8fd4037e97d05ee91d2859c
- SSDEEP
  
  3072:NF2ndCa9qRBFZm4z1EYfcbJuphaFsfDJv03CKPCNVOXinYuM8R:4MVm4z6Yg0phaFI9cFPCNVOXinYuM8R
Score

7^/10
- Changes its process name
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1