gafgyt | 5ee6816259fdcee1836963c0b95d5db9b5a5d4ded0c37a8ade1a914daf8f2f23 | Triage

Sharing

General

Target

0e8ca565c519027bc7e3105338ca1a2a.bin
Size

50KB
Sample

240415-bcylbsac53
MD5

4308f82f87ee6f60767c21f9f8517899
SHA1

0b23652cda5b87ccff8fd3072288c0db67c721d1
SHA256

5ee6816259fdcee1836963c0b95d5db9b5a5d4ded0c37a8ade1a914daf8f2f23
SHA512

44860feeaa6534db913a33368c0452587dc13cfeebdb9639ec23872bc30fadd5d9557d1eacf0b6f2e40eb60768b1644f6a4192a63048115ec98ef6b3fa050536
SSDEEP

1536:p7yRMJwVMbSxnCIJzui+VWxPX3NQww7hC7GLg:p7sMJ0Mb6hui+VWlXfwjLg

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.196.8.31:76

Targets

- Target
  
  d4d3faa8159d7b78d029256519f96619fe2edd6062ba058d42dbe28c2d3d8c37.elf
- Size
  
  136KB
- MD5
  
  0e8ca565c519027bc7e3105338ca1a2a
- SHA1
  
  43af98af8345630552a485bad0f9d2c72ae570cc
- SHA256
  
  d4d3faa8159d7b78d029256519f96619fe2edd6062ba058d42dbe28c2d3d8c37
- SHA512
  
  f3a4d11e1cf97e3d09bc3606b28e309b50ecdd1f19861b99b31f1de8da2a2abb793d10c6c254de7167eae7e50fd874e3631fc75c4d839521d1eb9af330f5b09c
- SSDEEP
  
  1536:jHfdlk5AauP+uA2rKXyimIhnG6AC2mDs/8eQ5APs7NllVEy4jxgKAmvbpR4WYb4n:xeZ9g6aws/AAPwl9BmzpRRYb4n
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1