gafgyt | 258e96bd73be2ceb5d0aaf94ea1d055a64a49cd510982ec3e24639e0d4194728 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

8cc4e7f4f48f3d7281c9b85e3b251eda.elf
Size

124KB
Sample

240409-s62zaabc49
MD5

8cc4e7f4f48f3d7281c9b85e3b251eda
SHA1

5c5c2421a8e6f0084a6e6014f157002c0b399cd0
SHA256

258e96bd73be2ceb5d0aaf94ea1d055a64a49cd510982ec3e24639e0d4194728
SHA512

f2f57870b6b3bf12f0e1aa821409a128b3be81f88113b33af57ce75860b9f5525bfa94b0e1c2616a4df78367751f538881cb7d9a5eaa2e91891806189fcfc566
SSDEEP

3072:EWpbc37+Qp2nrkGJc/s5h1Y7rCmJC0OzQaGyPZk:E9Lyc/s5h1XmJC0OzQaGyPZk

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

159.100.30.207:666

Targets

- Target
  
  8cc4e7f4f48f3d7281c9b85e3b251eda.elf
- Size
  
  124KB
- MD5
  
  8cc4e7f4f48f3d7281c9b85e3b251eda
- SHA1
  
  5c5c2421a8e6f0084a6e6014f157002c0b399cd0
- SHA256
  
  258e96bd73be2ceb5d0aaf94ea1d055a64a49cd510982ec3e24639e0d4194728
- SHA512
  
  f2f57870b6b3bf12f0e1aa821409a128b3be81f88113b33af57ce75860b9f5525bfa94b0e1c2616a4df78367751f538881cb7d9a5eaa2e91891806189fcfc566
- SSDEEP
  
  3072:EWpbc37+Qp2nrkGJc/s5h1Y7rCmJC0OzQaGyPZk:E9Lyc/s5h1XmJC0OzQaGyPZk
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1