gafgyt | 42237aab731e2e25005c2e491a356eaea15054064034bf80fe78578b7384e921 | Triage

Sharing

General

Target

42237aab731e2e25005c2e491a356eaea15054064034bf80fe78578b7384e921.elf
Size

183KB
Sample

240418-bnm9qsgb71
MD5

f9c1f88d41c47ce26940d62f658e5eac
SHA1

ca65bd09d3665bed981a44428f05966c2349d203
SHA256

42237aab731e2e25005c2e491a356eaea15054064034bf80fe78578b7384e921
SHA512

14afc3fab55001d4600830b04196961a977f42f6f465b82d16281f1018e6c787b48748ebcb0e47e9eb5ea3a9882c4281fbc05a5ebfc241f0c13ca61a82c7948f
SSDEEP

3072:bKmt8tLodTv3v0v5vuvTvgvdvSvDvAvpvCvzvAvJvGvHvkvKvxvovrvavhvwvfvq:bD41k9qYetJ8addQRZVdfi+8qLwa+L9k

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

85.239.55.70:515

Targets

- Target
  
  42237aab731e2e25005c2e491a356eaea15054064034bf80fe78578b7384e921.elf
- Size
  
  183KB
- MD5
  
  f9c1f88d41c47ce26940d62f658e5eac
- SHA1
  
  ca65bd09d3665bed981a44428f05966c2349d203
- SHA256
  
  42237aab731e2e25005c2e491a356eaea15054064034bf80fe78578b7384e921
- SHA512
  
  14afc3fab55001d4600830b04196961a977f42f6f465b82d16281f1018e6c787b48748ebcb0e47e9eb5ea3a9882c4281fbc05a5ebfc241f0c13ca61a82c7948f
- SSDEEP
  
  3072:bKmt8tLodTv3v0v5vuvTvgvdvSvDvAvpvCvzvAvJvGvHvkvKvxvovrvavhvwvfvq:bD41k9qYetJ8addQRZVdfi+8qLwa+L9k
Score

7^/10
- Changes its process name
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1