gafgyt | 8ad36b0ae69809e85c601b061ca76abd8150bf8806e6e6d91c50ea63a1bd280a | Triage

Sharing

General

Target

8ad36b0ae69809e85c601b061ca76abd8150bf8806e6e6d91c50ea63a1bd280a.elf
Size

97KB
Sample

240309-daa4csbh69
MD5

fd60041890d5960749df426cf6874aaa
SHA1

52fdbb154b2feb20c93e044cf6af0bb9e386be2c
SHA256

8ad36b0ae69809e85c601b061ca76abd8150bf8806e6e6d91c50ea63a1bd280a
SHA512

d69c32b0fcd8e3b019002b2394ceae2a1b3b894b36b27428501adcb05295a07a510b69b532fba03954d2e0c21ea80fbb1a62dfdea5bc190634ea07ea3cef364d
SSDEEP

3072:1MoaodUWUh917j8mc2deiPUDAZURyPfD5hFTOvxinf0OzTyoQQub:1dRu917j8mc2H5Z5Pr5hFQxinf0OzTyv

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

103.153.69.114:42516

Targets

- Target
  
  8ad36b0ae69809e85c601b061ca76abd8150bf8806e6e6d91c50ea63a1bd280a.elf
- Size
  
  97KB
- MD5
  
  fd60041890d5960749df426cf6874aaa
- SHA1
  
  52fdbb154b2feb20c93e044cf6af0bb9e386be2c
- SHA256
  
  8ad36b0ae69809e85c601b061ca76abd8150bf8806e6e6d91c50ea63a1bd280a
- SHA512
  
  d69c32b0fcd8e3b019002b2394ceae2a1b3b894b36b27428501adcb05295a07a510b69b532fba03954d2e0c21ea80fbb1a62dfdea5bc190634ea07ea3cef364d
- SSDEEP
  
  3072:1MoaodUWUh917j8mc2deiPUDAZURyPfD5hFTOvxinf0OzTyoQQub:1dRu917j8mc2H5Z5Pr5hFQxinf0OzTyv
Score

7^/10
- Changes its process name
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1