gafgyt | 0a205475e2efa1e6d604350a0ea7730bd044c97e9d802cf3a27211d7732f1df3 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0a205475e2efa1e6d604350a0ea7730bd044c97e9d802cf3a27211d7732f1df3.elf
Size

183KB
Sample

240409-bdp1kscg5z
MD5

3e2e16988d79834d454ebe3e518ff4b5
SHA1

e3d19edb47dfbe6472b4e92ae00fe97f7724ae22
SHA256

0a205475e2efa1e6d604350a0ea7730bd044c97e9d802cf3a27211d7732f1df3
SHA512

aa9d011c15c1ababe05361877f7753b8370fea71ad716f955af9e8689edbdae834fab1bab41b013055cf5b6e37761702d3214fc5736637b161d4b35859c37ba2
SSDEEP

3072:Yh15rOnAmzUyMhj5hmW5s1qAuhmv8uqx1BVnKoe:OsFYZj5hmW5Lhmv8uqx1BVnKoe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.178.6.2:4444

Targets

- Target
  
  0a205475e2efa1e6d604350a0ea7730bd044c97e9d802cf3a27211d7732f1df3.elf
- Size
  
  183KB
- MD5
  
  3e2e16988d79834d454ebe3e518ff4b5
- SHA1
  
  e3d19edb47dfbe6472b4e92ae00fe97f7724ae22
- SHA256
  
  0a205475e2efa1e6d604350a0ea7730bd044c97e9d802cf3a27211d7732f1df3
- SHA512
  
  aa9d011c15c1ababe05361877f7753b8370fea71ad716f955af9e8689edbdae834fab1bab41b013055cf5b6e37761702d3214fc5736637b161d4b35859c37ba2
- SSDEEP
  
  3072:Yh15rOnAmzUyMhj5hmW5s1qAuhmv8uqx1BVnKoe:OsFYZj5hmW5Lhmv8uqx1BVnKoe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1