gafgyt | 99f45aacb1c30c3fd25def50fdf2de24060dbf26f1f1b327bc5072d3ce25204b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

99f45aacb1c30c3fd25def50fdf2de24060dbf26f1f1b327bc5072d3ce25204b.elf
Size

209KB
Sample

240417-cdbcvsca8y
MD5

6acfe12bf9b9c516e05de139211e5afa
SHA1

9ab5802cc344c271adfdc1ac13602f8dc41dc38d
SHA256

99f45aacb1c30c3fd25def50fdf2de24060dbf26f1f1b327bc5072d3ce25204b
SHA512

fd5ef295f6186c9c663aacc1684d87ac090c5e879bd55e32b94e2cdb3e56a26064475f16c0b4b4e548c08b0632612b7f82e8e8d57a64d78829639786c38bd11e
SSDEEP

3072:3XC9j6w2ZQgoYJlQeRmhDvy2uSNbtmWu+R9ask0QcYbh5hRBg1cmrpy6n9Nn:3SDCzcYbh5hR5mrpy6n9Nn

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.170:26586

Targets

- Target
  
  99f45aacb1c30c3fd25def50fdf2de24060dbf26f1f1b327bc5072d3ce25204b.elf
- Size
  
  209KB
- MD5
  
  6acfe12bf9b9c516e05de139211e5afa
- SHA1
  
  9ab5802cc344c271adfdc1ac13602f8dc41dc38d
- SHA256
  
  99f45aacb1c30c3fd25def50fdf2de24060dbf26f1f1b327bc5072d3ce25204b
- SHA512
  
  fd5ef295f6186c9c663aacc1684d87ac090c5e879bd55e32b94e2cdb3e56a26064475f16c0b4b4e548c08b0632612b7f82e8e8d57a64d78829639786c38bd11e
- SSDEEP
  
  3072:3XC9j6w2ZQgoYJlQeRmhDvy2uSNbtmWu+R9ask0QcYbh5hRBg1cmrpy6n9Nn:3SDCzcYbh5hR5mrpy6n9Nn
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1