gafgyt | 3134106bced699e7076711c0b5e7860de3375c3cc8a5a2d7d2aea17377083093 | Triage

Sharing

General

Target

3134106bced699e7076711c0b5e7860de3375c3cc8a5a2d7d2aea17377083093.elf
Size

76KB
Sample

240521-rqkvdsha91
MD5

f2fccc4a074b58a3dd709b5e902ec6b6
SHA1

a550c4a15e39a9d646212faaf067c9eb193801f6
SHA256

3134106bced699e7076711c0b5e7860de3375c3cc8a5a2d7d2aea17377083093
SHA512

df385ee1da641dca9bb6826394250f050539d7bfac964fed251d7bf9a90c90af6029fc9f17f3e613603c1f821b12431a3152e4406ee86ffefb801beb44af3c9d
SSDEEP

1536:7MPLUjU4ccmDv8xYLQ3IUfxUd4KHKjk6skqmQg26hy9H0Ep:7MPLUjUlcmaYLQ3IUJUfKjdqmt26M9HN

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

45.95.169.101:23

Targets

- Target
  
  3134106bced699e7076711c0b5e7860de3375c3cc8a5a2d7d2aea17377083093.elf
- Size
  
  76KB
- MD5
  
  f2fccc4a074b58a3dd709b5e902ec6b6
- SHA1
  
  a550c4a15e39a9d646212faaf067c9eb193801f6
- SHA256
  
  3134106bced699e7076711c0b5e7860de3375c3cc8a5a2d7d2aea17377083093
- SHA512
  
  df385ee1da641dca9bb6826394250f050539d7bfac964fed251d7bf9a90c90af6029fc9f17f3e613603c1f821b12431a3152e4406ee86ffefb801beb44af3c9d
- SSDEEP
  
  1536:7MPLUjU4ccmDv8xYLQ3IUfxUd4KHKjk6skqmQg26hy9H0Ep:7MPLUjUlcmaYLQ3IUJUfKjdqmt26M9HN
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1