gafgyt | 75d86660e39f375c9c35106f06b3e7fe66f72077998af574815ade55ce1877f4 | Triage

Sharing

General

Target

75d86660e39f375c9c35106f06b3e7fe66f72077998af574815ade55ce1877f4.elf
Size

105KB
Sample

240411-bt8smabf6y
MD5

a96c404435b48a58d0febd40ed25df3d
SHA1

ea3b689e74500057671206a9f17f306b059928b7
SHA256

75d86660e39f375c9c35106f06b3e7fe66f72077998af574815ade55ce1877f4
SHA512

eb41c55742f66c79de6b2c4a781ea882531a19a237192fc58d049ed82bb5683edb1e8b640baab6b34517910d378d66fd47483f553b7b1a8fbdfa3fbc725d4224
SSDEEP

3072:MSY+46m1qOzssBFPPKNy+AmkZrQAhPDCXFke:06mgOzJBFPzmkZrQAhPDCXFke

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

166.88.61.185:606

Targets

- Target
  
  75d86660e39f375c9c35106f06b3e7fe66f72077998af574815ade55ce1877f4.elf
- Size
  
  105KB
- MD5
  
  a96c404435b48a58d0febd40ed25df3d
- SHA1
  
  ea3b689e74500057671206a9f17f306b059928b7
- SHA256
  
  75d86660e39f375c9c35106f06b3e7fe66f72077998af574815ade55ce1877f4
- SHA512
  
  eb41c55742f66c79de6b2c4a781ea882531a19a237192fc58d049ed82bb5683edb1e8b640baab6b34517910d378d66fd47483f553b7b1a8fbdfa3fbc725d4224
- SSDEEP
  
  3072:MSY+46m1qOzssBFPPKNy+AmkZrQAhPDCXFke:06mgOzJBFPzmkZrQAhPDCXFke
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1