gafgyt | 98ed402f271e026ad362d4ebc30e1a5e04578c81cb7702bc60af7c263b0f46c5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

98ed402f271e026ad362d4ebc30e1a5e04578c81cb7702bc60af7c263b0f46c5.elf
Size

191KB
Sample

240313-c1vp1sae5t
MD5

0f071d9b13631c82b360d5857f6550c7
SHA1

91809625d0fa0094fb9dd7b924f0c10af2f30ad0
SHA256

98ed402f271e026ad362d4ebc30e1a5e04578c81cb7702bc60af7c263b0f46c5
SHA512

21536e2dd696a5fba641519b1d8f11ff4935b78f854aedbc829789b57ca1c9fc8703fc2bff039066c768de36bed643f7bfa2ce20d1405fcba1956c78eed261ac
SSDEEP

3072:KYq4CGXq11zXqwL5StNZf1t3aLUUGPNEibtNf8eNgJs12phvc5PsEsEUxxQLqJl2:Kl5nXrSo95pbpMoZCQ9gOS1SeX

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

91.92.251.251:812

Targets

- Target
  
  98ed402f271e026ad362d4ebc30e1a5e04578c81cb7702bc60af7c263b0f46c5.elf
- Size
  
  191KB
- MD5
  
  0f071d9b13631c82b360d5857f6550c7
- SHA1
  
  91809625d0fa0094fb9dd7b924f0c10af2f30ad0
- SHA256
  
  98ed402f271e026ad362d4ebc30e1a5e04578c81cb7702bc60af7c263b0f46c5
- SHA512
  
  21536e2dd696a5fba641519b1d8f11ff4935b78f854aedbc829789b57ca1c9fc8703fc2bff039066c768de36bed643f7bfa2ce20d1405fcba1956c78eed261ac
- SSDEEP
  
  3072:KYq4CGXq11zXqwL5StNZf1t3aLUUGPNEibtNf8eNgJs12phvc5PsEsEUxxQLqJl2:Kl5nXrSo95pbpMoZCQ9gOS1SeX
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1