gafgyt | d36c8eea9b2a586facdddb8799d5893f27a418513290d325eba4c33c0a48e42b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d36c8eea9b2a586facdddb8799d5893f27a418513290d325eba4c33c0a48e42b.elf
Size

113KB
Sample

240409-cpmv2abe29
MD5

75825b9ccb6123ba8e7b48ef6186eb14
SHA1

fba321550abbfec06e0f37a99344093964bb7056
SHA256

d36c8eea9b2a586facdddb8799d5893f27a418513290d325eba4c33c0a48e42b
SHA512

d20bec2127a899b7a394ff57d055e4cd3e0e52ac7287be161d8c57d8d14a45bbdd1acb38de65682bfeaf9ff85742da0062326621b4d7c54048c0134ca04f3488
SSDEEP

3072:C/4g3Kd1rg5hZmxgA9OKdwwjF9GhsR1Ae:O9ang5hZLHKdwwjF9GhsR1Ae

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

141.98.7.56:4258

Targets

- Target
  
  d36c8eea9b2a586facdddb8799d5893f27a418513290d325eba4c33c0a48e42b.elf
- Size
  
  113KB
- MD5
  
  75825b9ccb6123ba8e7b48ef6186eb14
- SHA1
  
  fba321550abbfec06e0f37a99344093964bb7056
- SHA256
  
  d36c8eea9b2a586facdddb8799d5893f27a418513290d325eba4c33c0a48e42b
- SHA512
  
  d20bec2127a899b7a394ff57d055e4cd3e0e52ac7287be161d8c57d8d14a45bbdd1acb38de65682bfeaf9ff85742da0062326621b4d7c54048c0134ca04f3488
- SSDEEP
  
  3072:C/4g3Kd1rg5hZmxgA9OKdwwjF9GhsR1Ae:O9ang5hZLHKdwwjF9GhsR1Ae
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1