gafgyt | 9c2fafe1f2492d9cb0fe82381ea29fe9d90f8930910e08f4284c4fe52f0a89e2 | Triage

Sharing

General

Target

9c2fafe1f2492d9cb0fe82381ea29fe9d90f8930910e08f4284c4fe52f0a89e2.elf
Size

155KB
Sample

240425-b75m5adc7v
MD5

2ecf7ad89964786b052215d73a13c27d
SHA1

c73fdfef7321675016142093e2c7e213e0449238
SHA256

9c2fafe1f2492d9cb0fe82381ea29fe9d90f8930910e08f4284c4fe52f0a89e2
SHA512

10c45a973ebd63b2901d7dc6eea14d0dc8d71c47ad5892ea82c3abb4616b693d0a25ad36c01e9bb652186176e3527ed71cc14a9c255572e7a738a6d2db286954
SSDEEP

3072:xUL21lpkpIC2gQXalWvRbfbphahpinHEn2VAlZ83nmBT38dAY4:xzvhbphabkBpXmBT38dAY4

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.78:55

Targets

- Target
  
  9c2fafe1f2492d9cb0fe82381ea29fe9d90f8930910e08f4284c4fe52f0a89e2.elf
- Size
  
  155KB
- MD5
  
  2ecf7ad89964786b052215d73a13c27d
- SHA1
  
  c73fdfef7321675016142093e2c7e213e0449238
- SHA256
  
  9c2fafe1f2492d9cb0fe82381ea29fe9d90f8930910e08f4284c4fe52f0a89e2
- SHA512
  
  10c45a973ebd63b2901d7dc6eea14d0dc8d71c47ad5892ea82c3abb4616b693d0a25ad36c01e9bb652186176e3527ed71cc14a9c255572e7a738a6d2db286954
- SSDEEP
  
  3072:xUL21lpkpIC2gQXalWvRbfbphahpinHEn2VAlZ83nmBT38dAY4:xzvhbphabkBpXmBT38dAY4
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1