gafgyt | f38f46f448b43194170326bfbcc21ea13ec468a09c078c03e82a584143b0092a | Triage

Submit
Reports

Overview

overview

Static

static

f38f46f448...2a.elf

ubuntu-18.04-amd64

7

Sharing

General

Target

f38f46f448b43194170326bfbcc21ea13ec468a09c078c03e82a584143b0092a.elf
Size

102KB
Sample

240330-cwkn9afg99
MD5

d578fbefb02164f9d58690a223423917
SHA1

dc59a411105419c42162f815e3e2ad3cf056a40e
SHA256

f38f46f448b43194170326bfbcc21ea13ec468a09c078c03e82a584143b0092a
SHA512

4e9049fd6a109ed7568532f2a7e0659f43e4c682c2c27d114be92bd22c043fdde9ef498a6180db9929e5ba4f41533a83351966dd337e0bb66542f39838318d40
SSDEEP

3072:H15SohIECvPJqiIMbXR8ePLicWmPezXdKCYdoq:VxUUPMbXR8aLicWmPezXdKRdoq

Score

10^/10

gafgyt linux upx

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

f38f46f448b43194170326bfbcc21ea13ec468a09c078c03e82a584143b0092a.elf

Resource

ubuntu1804-amd64-20240226-en

ubuntu-18.04-amd64

3 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

193.35.18.56:65490

Targets

- Target
  
  f38f46f448b43194170326bfbcc21ea13ec468a09c078c03e82a584143b0092a.elf
- Size
  
  102KB
- MD5
  
  d578fbefb02164f9d58690a223423917
- SHA1
  
  dc59a411105419c42162f815e3e2ad3cf056a40e
- SHA256
  
  f38f46f448b43194170326bfbcc21ea13ec468a09c078c03e82a584143b0092a
- SHA512
  
  4e9049fd6a109ed7568532f2a7e0659f43e4c682c2c27d114be92bd22c043fdde9ef498a6180db9929e5ba4f41533a83351966dd337e0bb66542f39838318d40
- SSDEEP
  
  3072:H15SohIECvPJqiIMbXR8ePLicWmPezXdKCYdoq:VxUUPMbXR8aLicWmPezXdKRdoq
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy