gafgyt | e0bbb8042837290b5933d9d054ed9dc3302d6f2e715e43d438c6bea99a5df4be | Triage

Sharing

General

Target

ef079df1438c23cc0c4dc049b17c41e4.elf
Size

183KB
Sample

240403-hn7rpsah25
MD5

ef079df1438c23cc0c4dc049b17c41e4
SHA1

8ea5965ef99de3251179e822b982e5c0ca2b9f9a
SHA256

e0bbb8042837290b5933d9d054ed9dc3302d6f2e715e43d438c6bea99a5df4be
SHA512

d9fc7c3917220b18cf997386e00d62a41a35424842ff0e26399860f4399195a312c93c26acc2e184f0dba6531edeca5da9b6da409b0a66050a30ba74fd39364e
SSDEEP

3072:UhZRj5n9EmzUyMhN5hWTt5s1qAuhmv8uqx1BVnKoe:mjrYZN5hWJ5Lhmv8uqx1BVnKoe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.140:777

Targets

- Target
  
  ef079df1438c23cc0c4dc049b17c41e4.elf
- Size
  
  183KB
- MD5
  
  ef079df1438c23cc0c4dc049b17c41e4
- SHA1
  
  8ea5965ef99de3251179e822b982e5c0ca2b9f9a
- SHA256
  
  e0bbb8042837290b5933d9d054ed9dc3302d6f2e715e43d438c6bea99a5df4be
- SHA512
  
  d9fc7c3917220b18cf997386e00d62a41a35424842ff0e26399860f4399195a312c93c26acc2e184f0dba6531edeca5da9b6da409b0a66050a30ba74fd39364e
- SSDEEP
  
  3072:UhZRj5n9EmzUyMhN5hWTt5s1qAuhmv8uqx1BVnKoe:mjrYZN5hWJ5Lhmv8uqx1BVnKoe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1