gafgyt | 39c6bbe7ca9f6929af5e412df29e6e0067d2ba2bfe4651cade1fc2bc471c01df | Triage

Resubmissions

25-04-2024 14:14

240425-rkdh5abe72 10

25-04-2024 14:07

240425-rey8msbd6t 10

Sharing

General

Target

39c6bbe7ca9f6929af5e412df29e6e0067d2ba2bfe4651cade1fc2bc471c01df.elf
Size

102KB
Sample

240425-rkdh5abe72
MD5

76da29e196d3f0969377a38ccaf7b6e1
SHA1

046c63eab78322f08f5115ac6041f4b7c345b0bf
SHA256

39c6bbe7ca9f6929af5e412df29e6e0067d2ba2bfe4651cade1fc2bc471c01df
SHA512

31a289fe576a1322b57ddc6b77656bc315b1f3e9bd5780a363fa2fa0fc3f24914d14f568c3b9841aefcc4e6b1003433bd40bfd56d90716e6c55aff59dc2eefdd
SSDEEP

3072:3t/vIWFucnn1L9jrNm20pA8Py6WaUPmH23ZHaDn:dlN1mDpz3UPmH235aDn

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

2.58.95.131:65480

Targets

- Target
  
  39c6bbe7ca9f6929af5e412df29e6e0067d2ba2bfe4651cade1fc2bc471c01df.elf
- Size
  
  102KB
- MD5
  
  76da29e196d3f0969377a38ccaf7b6e1
- SHA1
  
  046c63eab78322f08f5115ac6041f4b7c345b0bf
- SHA256
  
  39c6bbe7ca9f6929af5e412df29e6e0067d2ba2bfe4651cade1fc2bc471c01df
- SHA512
  
  31a289fe576a1322b57ddc6b77656bc315b1f3e9bd5780a363fa2fa0fc3f24914d14f568c3b9841aefcc4e6b1003433bd40bfd56d90716e6c55aff59dc2eefdd
- SSDEEP
  
  3072:3t/vIWFucnn1L9jrNm20pA8Py6WaUPmH23ZHaDn:dlN1mDpz3UPmH235aDn
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1