gafgyt | ff768446fd68db341c6ab4f5d834aa25736cd3030310814edabcdd0ffed0e02b | Triage

Sharing

General

Target

b657ddda6458d27a450a6b590094196b.bin
Size

60KB
Sample

240428-b71n6sdh3y
MD5

1bbcc270f2fbbb3d759da7115d8b704b
SHA1

90758f23fa47fe8eb0dd6270db391d6d9f694d23
SHA256

ff768446fd68db341c6ab4f5d834aa25736cd3030310814edabcdd0ffed0e02b
SHA512

d73a023bda23439492b4258ed25f5585b69610dcae276739ebb1d52a19cf4353f03fd063953f25c9bb8cbf17210f45215d42d8d61a20beaf4f757ede74482033
SSDEEP

1536:8UQNhZNXEVaxCMznf6Mi8e4NQlJ84LFlAuspFzhlZ71:8JZNX/IMrYGmvAFpFdZ

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

45.88.90.17:4444

Targets

- Target
  
  5e8977af888cdef7036f928e02cc54c89c6cea94cac11d420f543087e4938545.elf
- Size
  
  155KB
- MD5
  
  b657ddda6458d27a450a6b590094196b
- SHA1
  
  ea12afa6feca36e62b088acd668b17eb903619bc
- SHA256
  
  5e8977af888cdef7036f928e02cc54c89c6cea94cac11d420f543087e4938545
- SHA512
  
  f12db33b958b90b7011ac85528de9627f68d6291f066c31d96977aef0dd4958706d09126a3798ac3f9075a4f7f44f5c4bab8257898ec197242e67a8a4f33382c
- SSDEEP
  
  3072:xUL2FlZkJoC2gQXalWvRbfdphahpCn38nuVAlZl3nmBT38dAY4:xDvhdphabkBwXmBT38dAY4
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1