gafgyt | 2c3455514637842ad6ed1ef0f8cd53283d26c23d65a4cb9814ad079eae877f40 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

81c83f27b6e88c217d634431ab7ca78c.elf
Size

146KB
Sample

240418-ys84bseg4z
MD5

81c83f27b6e88c217d634431ab7ca78c
SHA1

8c0f11fe5c2b95cb48b0869dda299dab6352123a
SHA256

2c3455514637842ad6ed1ef0f8cd53283d26c23d65a4cb9814ad079eae877f40
SHA512

3697dde92c140c8087103f9c00ce4a575865018fbd7560326eb564c6ea6496aa784661eb9f05c2c0f2d66691b218aff4102007d0836e9df74902a0a96e0792a2
SSDEEP

3072:ut8iFDKEfFN+Fa+1sWCh7a8oXV7pUMbmQwfCMQiGW:s8iFDLf/+FaNrh7a8oXV7p5mQwfCDiGW

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.170:666

Targets

- Target
  
  81c83f27b6e88c217d634431ab7ca78c.elf
- Size
  
  146KB
- MD5
  
  81c83f27b6e88c217d634431ab7ca78c
- SHA1
  
  8c0f11fe5c2b95cb48b0869dda299dab6352123a
- SHA256
  
  2c3455514637842ad6ed1ef0f8cd53283d26c23d65a4cb9814ad079eae877f40
- SHA512
  
  3697dde92c140c8087103f9c00ce4a575865018fbd7560326eb564c6ea6496aa784661eb9f05c2c0f2d66691b218aff4102007d0836e9df74902a0a96e0792a2
- SSDEEP
  
  3072:ut8iFDKEfFN+Fa+1sWCh7a8oXV7pUMbmQwfCMQiGW:s8iFDLf/+FaNrh7a8oXV7p5mQwfCDiGW
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1