gafgyt | 3b67a58ea8a3823673b103dff555d0f171bb32b0856517d9513fb59c1baed969 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

f608751a7edb2285d56394b1883f09e0.elf
Size

136KB
Sample

240410-ts4rdsdg27
MD5

f608751a7edb2285d56394b1883f09e0
SHA1

3f1bdfb6b95f79ad583cd6f3f41d7450797384a0
SHA256

3b67a58ea8a3823673b103dff555d0f171bb32b0856517d9513fb59c1baed969
SHA512

4674d78b6b281b4c36afb82986f9bd39582d916126b58449ca78e6e90d5a568461b4d2bacff0929dd4b1d88c685cdbdcc58a4b4f4d0d0aeed26e183963b642c5
SSDEEP

1536:62ejQFXam9y54q2EnZTf1IbebA86lSWX3kpHk8BmpRmvbpR4WYb4n:6QXQ5R2qdOpSA3l8EpRmzpRRYb4n

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.13.227.109:23

Targets

- Target
  
  f608751a7edb2285d56394b1883f09e0.elf
- Size
  
  136KB
- MD5
  
  f608751a7edb2285d56394b1883f09e0
- SHA1
  
  3f1bdfb6b95f79ad583cd6f3f41d7450797384a0
- SHA256
  
  3b67a58ea8a3823673b103dff555d0f171bb32b0856517d9513fb59c1baed969
- SHA512
  
  4674d78b6b281b4c36afb82986f9bd39582d916126b58449ca78e6e90d5a568461b4d2bacff0929dd4b1d88c685cdbdcc58a4b4f4d0d0aeed26e183963b642c5
- SSDEEP
  
  1536:62ejQFXam9y54q2EnZTf1IbebA86lSWX3kpHk8BmpRmvbpR4WYb4n:6QXQ5R2qdOpSA3l8EpRmzpRRYb4n
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1