gafgyt | 0791970ed5e80bcc8867a82336c6e8b85c8c4031c63162245118ff8d0b6d451c | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0791970ed5e80bcc8867a82336c6e8b85c8c4031c63162245118ff8d0b6d451c.elf
Size

103KB
Sample

240319-cgj46sed28
MD5

05819b6fb40955d8228c949eaed1e4cb
SHA1

e73883c20d0d46778ef23f6dd06c6a6884fc15f2
SHA256

0791970ed5e80bcc8867a82336c6e8b85c8c4031c63162245118ff8d0b6d451c
SHA512

9c9f95099d7d518941f95438239d6a773f4c320d096be05092c957a7f1806206c00230d4aa701438c512e2093a44d016dce8abe23f32281e5e5149c02d9a6c53
SSDEEP

3072:Ds2prtXl7gECRpVB1xWRfmRfmCayQzW0Mygxe:BprtXlc5VPxWUfmCayQzW0Mygxe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

217.18.63.132:707

Targets

- Target
  
  0791970ed5e80bcc8867a82336c6e8b85c8c4031c63162245118ff8d0b6d451c.elf
- Size
  
  103KB
- MD5
  
  05819b6fb40955d8228c949eaed1e4cb
- SHA1
  
  e73883c20d0d46778ef23f6dd06c6a6884fc15f2
- SHA256
  
  0791970ed5e80bcc8867a82336c6e8b85c8c4031c63162245118ff8d0b6d451c
- SHA512
  
  9c9f95099d7d518941f95438239d6a773f4c320d096be05092c957a7f1806206c00230d4aa701438c512e2093a44d016dce8abe23f32281e5e5149c02d9a6c53
- SSDEEP
  
  3072:Ds2prtXl7gECRpVB1xWRfmRfmCayQzW0Mygxe:BprtXlc5VPxWUfmCayQzW0Mygxe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1