gafgyt | bec34728dcd0fdbee8fb36650712c03e3eceb85d1e2f29f6327106aef783f08c | Triage

Sharing

General

Target

bec34728dcd0fdbee8fb36650712c03e3eceb85d1e2f29f6327106aef783f08c.elf
Size

86KB
Sample

240425-cc1aladd7z
MD5

650dbb829d84cd8761a12bf1ed1afe1e
SHA1

92a7f914346ceedb4e0a1f5cc77ae9701c10505d
SHA256

bec34728dcd0fdbee8fb36650712c03e3eceb85d1e2f29f6327106aef783f08c
SHA512

2a0ca57d3c599fd37305ef84ed225cf5a8ef3f2c5af922e399b2d820624e66a74872248c2c00a3dbd7ba8d2c1fb6837bb3d948c7a5e7f105c7e9973db1de9e68
SSDEEP

1536:Jt2KVBUpUNGbO7wpRN5jqZ2fEaae/T2k7lNilCseYFF5m6rjd6VCYjpA:Jt2KjUpUNGbOKjqSaeh7lNiBhmEjdeCh

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

2.58.95.131:65480

Targets

- Target
  
  bec34728dcd0fdbee8fb36650712c03e3eceb85d1e2f29f6327106aef783f08c.elf
- Size
  
  86KB
- MD5
  
  650dbb829d84cd8761a12bf1ed1afe1e
- SHA1
  
  92a7f914346ceedb4e0a1f5cc77ae9701c10505d
- SHA256
  
  bec34728dcd0fdbee8fb36650712c03e3eceb85d1e2f29f6327106aef783f08c
- SHA512
  
  2a0ca57d3c599fd37305ef84ed225cf5a8ef3f2c5af922e399b2d820624e66a74872248c2c00a3dbd7ba8d2c1fb6837bb3d948c7a5e7f105c7e9973db1de9e68
- SSDEEP
  
  1536:Jt2KVBUpUNGbO7wpRN5jqZ2fEaae/T2k7lNilCseYFF5m6rjd6VCYjpA:Jt2KjUpUNGbOKjqSaeh7lNiBhmEjdeCh
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1