gafgyt | 6af47660f94349489e8b9617aae1f3fbf892e3683eb32b3358a3f6e49a52514e | Triage

Sharing

General

Target

6af47660f94349489e8b9617aae1f3fbf892e3683eb32b3358a3f6e49a52514e.elf
Size

100KB
Sample

240521-rd8qpage64
MD5

d0e3203775a6ab4be2ff4fdb3b077842
SHA1

b6e65e7a51949fed333840ea451271ea560fd380
SHA256

6af47660f94349489e8b9617aae1f3fbf892e3683eb32b3358a3f6e49a52514e
SHA512

37c95a29a0e884e2c18c043f5f56eec80ced3ed415e3a25214bbecccf17989fe1d888dea43f9a79f223182885102da652a059cc854d3d72004f73a44a9b6e420
SSDEEP

1536:LF9LFuEvDTKqUMJeuLGVdXJMBwHxhY3TuRvYHJmSyTahQH7S4:LpuEXZ9jY1HjY3TuRv0JmlTayH7S4

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

45.95.169.101:23

Targets

- Target
  
  6af47660f94349489e8b9617aae1f3fbf892e3683eb32b3358a3f6e49a52514e.elf
- Size
  
  100KB
- MD5
  
  d0e3203775a6ab4be2ff4fdb3b077842
- SHA1
  
  b6e65e7a51949fed333840ea451271ea560fd380
- SHA256
  
  6af47660f94349489e8b9617aae1f3fbf892e3683eb32b3358a3f6e49a52514e
- SHA512
  
  37c95a29a0e884e2c18c043f5f56eec80ced3ed415e3a25214bbecccf17989fe1d888dea43f9a79f223182885102da652a059cc854d3d72004f73a44a9b6e420
- SSDEEP
  
  1536:LF9LFuEvDTKqUMJeuLGVdXJMBwHxhY3TuRvYHJmSyTahQH7S4:LpuEXZ9jY1HjY3TuRv0JmlTayH7S4
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1