gafgyt | 8853cc3d234d66c660896c583bfc67d40441600bef3f9fe9c49f022806b78dba | Triage

Sharing

General

Target

b60ef1054b76ff23b1509e302980146c.elf
Size

204KB
Sample

240403-hn8zrsah35
MD5

b60ef1054b76ff23b1509e302980146c
SHA1

6abd29531a91594e6d39248057aef828fbbc8b4f
SHA256

8853cc3d234d66c660896c583bfc67d40441600bef3f9fe9c49f022806b78dba
SHA512

dd5b251217080350440b3cf4f77295a0a2293eec9bd7bc13144dcc377354a27b128b8e0fe308f9bcc6e063cbb2c8b2c0f8e6bc0d5f627594087193d989770c32
SSDEEP

6144:FZzyacCwXJ4DbpW0vr5hbL6+uM/9Ocgym0wfB5RyAn:FZzyacCwXJ4gM5hbvf/dgym0mB5RyAn

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.140:777

Targets

- Target
  
  b60ef1054b76ff23b1509e302980146c.elf
- Size
  
  204KB
- MD5
  
  b60ef1054b76ff23b1509e302980146c
- SHA1
  
  6abd29531a91594e6d39248057aef828fbbc8b4f
- SHA256
  
  8853cc3d234d66c660896c583bfc67d40441600bef3f9fe9c49f022806b78dba
- SHA512
  
  dd5b251217080350440b3cf4f77295a0a2293eec9bd7bc13144dcc377354a27b128b8e0fe308f9bcc6e063cbb2c8b2c0f8e6bc0d5f627594087193d989770c32
- SSDEEP
  
  6144:FZzyacCwXJ4DbpW0vr5hbL6+uM/9Ocgym0wfB5RyAn:FZzyacCwXJ4gM5hbvf/dgym0mB5RyAn
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1