gafgyt | 6d2d66c3c94a3df3e1ef741e8a42ef5373fe1f8eb44377d53d7fff5b00025081 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

acd17c51017f4fb70fb2350a785d82e3.elf
Size

146KB
Sample

240422-djgmhafa2t
MD5

acd17c51017f4fb70fb2350a785d82e3
SHA1

56b1449a40cd8b57d5eee5441ee312c13970981f
SHA256

6d2d66c3c94a3df3e1ef741e8a42ef5373fe1f8eb44377d53d7fff5b00025081
SHA512

58d906956f303c7999cc8c50c7d1ee8a301836a1112e866590e0da869a2f9cd04f01fbd6e1c2b1663c75f85070abef664f5a5392c100773d758c4013ac6426cf
SSDEEP

3072:3uCaFJl4vw1WG17GKhZqn2YYV7vfr72YnHmpwfvRQfZn:eCaFJl4I1FGKHqn2YYV7LmpwfvafZn

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

91.92.245.31:67

Targets

- Target
  
  acd17c51017f4fb70fb2350a785d82e3.elf
- Size
  
  146KB
- MD5
  
  acd17c51017f4fb70fb2350a785d82e3
- SHA1
  
  56b1449a40cd8b57d5eee5441ee312c13970981f
- SHA256
  
  6d2d66c3c94a3df3e1ef741e8a42ef5373fe1f8eb44377d53d7fff5b00025081
- SHA512
  
  58d906956f303c7999cc8c50c7d1ee8a301836a1112e866590e0da869a2f9cd04f01fbd6e1c2b1663c75f85070abef664f5a5392c100773d758c4013ac6426cf
- SSDEEP
  
  3072:3uCaFJl4vw1WG17GKhZqn2YYV7vfr72YnHmpwfvRQfZn:eCaFJl4I1FGKHqn2YYV7LmpwfvafZn
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1