gafgyt | 1acb32668d88d8de38f984a8a1d64e61bef0b7bb8d370b50a2f135ed838e0ab6 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f1c23ce71cdebeb7c5a57f592fdb851f.elf
Size

124KB
Sample

240408-yvdp7sdg6w
MD5

f1c23ce71cdebeb7c5a57f592fdb851f
SHA1

8da1032adc407393b3b1fbc89081f7144626b737
SHA256

1acb32668d88d8de38f984a8a1d64e61bef0b7bb8d370b50a2f135ed838e0ab6
SHA512

d1e4f3c2c5250a2aac05b2b3ab868717d415c72a2ef6783a5d0bcd8a4ae7dbf24ce92d98ad8f97842b161793dd56ea8bc183db12a750127905092dfad28426ef
SSDEEP

3072:EWpbc37+Qp2nrkGJc/f5hkY7rCmJC0OzQaGyPZk:E9Lyc/f5hkXmJC0OzQaGyPZk

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.170:4444

Targets

- Target
  
  f1c23ce71cdebeb7c5a57f592fdb851f.elf
- Size
  
  124KB
- MD5
  
  f1c23ce71cdebeb7c5a57f592fdb851f
- SHA1
  
  8da1032adc407393b3b1fbc89081f7144626b737
- SHA256
  
  1acb32668d88d8de38f984a8a1d64e61bef0b7bb8d370b50a2f135ed838e0ab6
- SHA512
  
  d1e4f3c2c5250a2aac05b2b3ab868717d415c72a2ef6783a5d0bcd8a4ae7dbf24ce92d98ad8f97842b161793dd56ea8bc183db12a750127905092dfad28426ef
- SSDEEP
  
  3072:EWpbc37+Qp2nrkGJc/f5hkY7rCmJC0OzQaGyPZk:E9Lyc/f5hkXmJC0OzQaGyPZk
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1