gafgyt | fe8679de1a9bf0be2631834bbc5451e97fe7085257854116c435dfb1ecb3a9c3 | Triage

Sharing

General

Target

6a5a05345751df0f4751aeca714835af.elf
Size

83KB
Sample

240425-sk6eksbg9s
MD5

6a5a05345751df0f4751aeca714835af
SHA1

c620a9faf265981167a23a0471234b3c2014b9a6
SHA256

fe8679de1a9bf0be2631834bbc5451e97fe7085257854116c435dfb1ecb3a9c3
SHA512

41d65129bb84f2edfa81d119371740a54e64b08d1755d557965bbd87f0fad5e40bfeea7ad6a37943c81c12ff258c0a7f7c2ec3792b77cff13e90f45297e94c7b
SSDEEP

1536:yD5b1hE4t3J6lreu5r4hWj8L6GDloRmF+wVOz+sXcfW7k:wb1hE4pJ6liuq0YGGoRmEwVOz+ucfW7k

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

94.156.8.9:23

Targets

- Target
  
  6a5a05345751df0f4751aeca714835af.elf
- Size
  
  83KB
- MD5
  
  6a5a05345751df0f4751aeca714835af
- SHA1
  
  c620a9faf265981167a23a0471234b3c2014b9a6
- SHA256
  
  fe8679de1a9bf0be2631834bbc5451e97fe7085257854116c435dfb1ecb3a9c3
- SHA512
  
  41d65129bb84f2edfa81d119371740a54e64b08d1755d557965bbd87f0fad5e40bfeea7ad6a37943c81c12ff258c0a7f7c2ec3792b77cff13e90f45297e94c7b
- SSDEEP
  
  1536:yD5b1hE4t3J6lreu5r4hWj8L6GDloRmF+wVOz+sXcfW7k:wb1hE4pJ6liuq0YGGoRmEwVOz+ucfW7k
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1