gafgyt | 3514e47e046d48eba71c6a68a4cb1bfa6f5ec124bb690be70112025187633d23 | Triage

Sharing

General

Target

41750ceb89c64ba3075826712cda4297.bin
Size

34KB
Sample

240409-bly88adb71
MD5

6ac4f689228e1dbe65cd74715d60c360
SHA1

a554b13a09c3d4d92226071ad58fdad4408cac7a
SHA256

3514e47e046d48eba71c6a68a4cb1bfa6f5ec124bb690be70112025187633d23
SHA512

43e134a46d2ee885857a687df5585d739eac2592e184197d9f0b4bdf207a922472bb321d5ef09a15ccb6408b594b2379c9d0a2d9ee623004a87c4cd8897dc42c
SSDEEP

768:EjptpZvtdzGm/tv+OYi5i7By2UiyHEteYroMwj7hwv+SJFie9Fa:ejpQ1Pi2y2+QsjVS+9e9Fa

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

5.253.246.12:23

Targets

- Target
  
  6824cc9368dd365bd9b055b93e87f0b94de2708ab74035bc7a5f040846269881.elf
- Size
  
  71KB
- MD5
  
  41750ceb89c64ba3075826712cda4297
- SHA1
  
  49a977df5acbe1c4f251c089c7961d5fa04dd08f
- SHA256
  
  6824cc9368dd365bd9b055b93e87f0b94de2708ab74035bc7a5f040846269881
- SHA512
  
  6af14433ac10a8ce29fe57faba8136b53a1bc433e79918da4a5a72f0cade99bd8f702b9b167b9c21ddd6ebc775c3046ba3093d8294686a4c079be8fc80e234d6
- SSDEEP
  
  1536:qGkvRT+UuUcSq0dbvFRexxA6Cxu0MgmSSfmBRGmLI2VOCjXUfJRk:bkYUuUcv0db9ReXnC0cSfmBRGmU2VOCF
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1