gafgyt | 6b8e01dc64319cd3d85ce5e3fad5cdd962ca7bb8e13821de8ccec5b0eeab0c97 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

945127ccf7dfd6d7b3a9be065a60a398.elf
Size

106KB
Sample

240505-scqddsgd75
MD5

945127ccf7dfd6d7b3a9be065a60a398
SHA1

4e9b8d6672b5b678eb90c2488b361a26a3e4cdc7
SHA256

6b8e01dc64319cd3d85ce5e3fad5cdd962ca7bb8e13821de8ccec5b0eeab0c97
SHA512

d3d23dddf38fe2f5890ff7c66db4e962c9264bcc07a927b68fae8e2557d3b31143559471b0f5b5e985d321b8b4400f733907e6049e4b366bceb9ebcbd70cc1f2
SSDEEP

3072:j6dye4BmJQophaZw/1vc4+AzkSXmdRWaLHgb4:dophaZchrmdRWaDgb4

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

158.160.8.110:4258

Targets

- Target
  
  945127ccf7dfd6d7b3a9be065a60a398.elf
- Size
  
  106KB
- MD5
  
  945127ccf7dfd6d7b3a9be065a60a398
- SHA1
  
  4e9b8d6672b5b678eb90c2488b361a26a3e4cdc7
- SHA256
  
  6b8e01dc64319cd3d85ce5e3fad5cdd962ca7bb8e13821de8ccec5b0eeab0c97
- SHA512
  
  d3d23dddf38fe2f5890ff7c66db4e962c9264bcc07a927b68fae8e2557d3b31143559471b0f5b5e985d321b8b4400f733907e6049e4b366bceb9ebcbd70cc1f2
- SSDEEP
  
  3072:j6dye4BmJQophaZw/1vc4+AzkSXmdRWaLHgb4:dophaZchrmdRWaDgb4
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1