gafgyt | 9d974044555dfac9cafdba49fcf1874c0cd81811599e57b8380bfaf4ed8c7c79 | Triage

Sharing

General

Target

66ef8fb870b2301fed23ae5729368075.elf
Size

92KB
Sample

240425-slqqhsbh85
MD5

66ef8fb870b2301fed23ae5729368075
SHA1

2b0f4efac0ec70aa9ce44fd0c82b4641434ac6c0
SHA256

9d974044555dfac9cafdba49fcf1874c0cd81811599e57b8380bfaf4ed8c7c79
SHA512

514de691a7c4dad5c5d01cfdd30dab66dc8b9072a2db89e9ceea952d78b29f957068f2648cf67b778b8464a86cf62762161b1f79588c3016b22efbe8e865e90b
SSDEEP

1536:W7uJtxMVEOVbazlvhE1hmkJ0S36W6bWjK3NaPXfH0mA+KWOXFseaZYxe:4SMVEOVMlpmXJ0O6WpjKdafUm/KWOXFE

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

94.156.8.9:23

Targets

- Target
  
  66ef8fb870b2301fed23ae5729368075.elf
- Size
  
  92KB
- MD5
  
  66ef8fb870b2301fed23ae5729368075
- SHA1
  
  2b0f4efac0ec70aa9ce44fd0c82b4641434ac6c0
- SHA256
  
  9d974044555dfac9cafdba49fcf1874c0cd81811599e57b8380bfaf4ed8c7c79
- SHA512
  
  514de691a7c4dad5c5d01cfdd30dab66dc8b9072a2db89e9ceea952d78b29f957068f2648cf67b778b8464a86cf62762161b1f79588c3016b22efbe8e865e90b
- SSDEEP
  
  1536:W7uJtxMVEOVbazlvhE1hmkJ0S36W6bWjK3NaPXfH0mA+KWOXFseaZYxe:4SMVEOVMlpmXJ0O6WpjKdafUm/KWOXFE
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1