gafgyt | 3ca85dbd700f6baff30c97731fd6dad981ba5c220923b8a8c00f777eced1f970 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3ca85dbd700f6baff30c97731fd6dad981ba5c220923b8a8c00f777eced1f970.elf
Size

156KB
Sample

240411-bkehesbc61
MD5

c7c0cf467186f7fb5a9ed7a11152bb07
SHA1

a1764b9eb6edeb709343a5e76953741747a2d415
SHA256

3ca85dbd700f6baff30c97731fd6dad981ba5c220923b8a8c00f777eced1f970
SHA512

e27760e39cbdcd68a0a0f3357b10f2306de795b264ac7a0da5181aad3eebf459c0accc3de18a9907c8304ad1f824f2fd748205e33d7d5423895281376b1f33e9
SSDEEP

3072:+e2fWaHTQlKNBHFiW2h5hgoeqOgmzZQQAhzRq6AAe:oBHb2h5hgoemmzZQQAhzRq6AAe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

45.148.244.74:839

Targets

- Target
  
  3ca85dbd700f6baff30c97731fd6dad981ba5c220923b8a8c00f777eced1f970.elf
- Size
  
  156KB
- MD5
  
  c7c0cf467186f7fb5a9ed7a11152bb07
- SHA1
  
  a1764b9eb6edeb709343a5e76953741747a2d415
- SHA256
  
  3ca85dbd700f6baff30c97731fd6dad981ba5c220923b8a8c00f777eced1f970
- SHA512
  
  e27760e39cbdcd68a0a0f3357b10f2306de795b264ac7a0da5181aad3eebf459c0accc3de18a9907c8304ad1f824f2fd748205e33d7d5423895281376b1f33e9
- SSDEEP
  
  3072:+e2fWaHTQlKNBHFiW2h5hgoeqOgmzZQQAhzRq6AAe:oBHb2h5hgoemmzZQQAhzRq6AAe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1