gafgyt | 70ebf8847588cf944f163659b46420d2d6f21bc32dfe4c801217f1a4898bf49d | Triage

Sharing

Copy URL Twitter E-mail

General

Target

70ebf8847588cf944f163659b46420d2d6f21bc32dfe4c801217f1a4898bf49d.elf
Size

183KB
Sample

240406-bps7dagh57
MD5

be1b7b6d1dbf03f8df62763bd94c16af
SHA1

b67b2b496456a81b4f9755333e7e312eb41986a6
SHA256

70ebf8847588cf944f163659b46420d2d6f21bc32dfe4c801217f1a4898bf49d
SHA512

42767e5a9a0b2ae7de18719568fadfc45ca885ef0c0cb7a53b3db92fc905b6c9ecd3a20720a21d370f6843a297c49d261a42917d7f1f46f10497a7371c534263
SSDEEP

3072:aaF7XSy6Cv9RDT5hCs1ZQhmv8uqx1BVnKoe:aICGVFT5hCZhmv8uqx1BVnKoe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

93.123.39.121:671

Targets

- Target
  
  70ebf8847588cf944f163659b46420d2d6f21bc32dfe4c801217f1a4898bf49d.elf
- Size
  
  183KB
- MD5
  
  be1b7b6d1dbf03f8df62763bd94c16af
- SHA1
  
  b67b2b496456a81b4f9755333e7e312eb41986a6
- SHA256
  
  70ebf8847588cf944f163659b46420d2d6f21bc32dfe4c801217f1a4898bf49d
- SHA512
  
  42767e5a9a0b2ae7de18719568fadfc45ca885ef0c0cb7a53b3db92fc905b6c9ecd3a20720a21d370f6843a297c49d261a42917d7f1f46f10497a7371c534263
- SSDEEP
  
  3072:aaF7XSy6Cv9RDT5hCs1ZQhmv8uqx1BVnKoe:aICGVFT5hCZhmv8uqx1BVnKoe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1