gafgyt | 9845e7bab18fae82c30a25524e8ce3ce4c19d88bc178d4fbfac2c8b71253a46f | Triage

Submit
Reports

Overview

overview

Static

static

ae55f012ca...d0.elf

ubuntu-18.04-amd64

6

Sharing

Copy URL Twitter E-mail

General

Target

e39fad9840817ecdc8c06cc4cc5a4f8d.bin
Size

62KB
Sample

240429-cbvcysfc7s
MD5

91bca9ef4362fe4f8eac2ec03d28ce95
SHA1

eefc81a1082409309926b280ea28c1ac0c0fda5a
SHA256

9845e7bab18fae82c30a25524e8ce3ce4c19d88bc178d4fbfac2c8b71253a46f
SHA512

76f5c34207067c8d66a0b9810a83af8df2fbb6600d2b204c8cf77dcfacc1f9ce3c8c278372e3351aa1e497c74a39654339288d945795efd0f8845521be598b07
SSDEEP

1536:JDATj7orUcnL5z/I70FIPJjS4l+acCo/pEhXU1:Jcj/e5zg7cSR7lwCo8XU1

Score

10^/10

gafgyt linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ae55f012ca1bb6cf455a450f6071e657fb767aea36a0e4d9e508df81d09325d0.elf

Resource

ubuntu1804-amd64-20240226-en

ubuntu-18.04-amd64

4 signatures

150 seconds

Malware Config

Extracted

Family

gafgyt

C2

2.58.95.131:65481

Targets

- Target
  
  ae55f012ca1bb6cf455a450f6071e657fb767aea36a0e4d9e508df81d09325d0.elf
- Size
  
  171KB
- MD5
  
  e39fad9840817ecdc8c06cc4cc5a4f8d
- SHA1
  
  c977c5ed95856573d64391bf5bbf29398dde96e5
- SHA256
  
  ae55f012ca1bb6cf455a450f6071e657fb767aea36a0e4d9e508df81d09325d0
- SHA512
  
  13c1b92cfce30e38b73c01d3693011a33c1139038bee930ffe5c88f43e2a28aa92db27738c3d58ce6fbde752ec7ef6ac154b088378c825a9259e8f4689401498
- SSDEEP
  
  3072:SKh76tmKT5Zf2ZODKT7cCyP+muZVkfP5Al:Srl5CPTiWmuZVkn5Al
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2025

Terms | Privacy