gafgyt | cc7a891469a6fb66efdd23e8ae8cbb951792903c7c3b4532064ba14679c67733 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

cc7a891469a6fb66efdd23e8ae8cbb951792903c7c3b4532064ba14679c67733.elf
Size

85KB
Sample

240526-j1rrpach54
MD5

286c39a84fa1ac70d60eea4483d24ea5
SHA1

418669bb0c04642cd8b0b59d4f344d132ef78384
SHA256

cc7a891469a6fb66efdd23e8ae8cbb951792903c7c3b4532064ba14679c67733
SHA512

77e5bfcffc1b2bc911f0bebea2c59a2ed9cd3a2d5c1c056d52e8c889b642e4c72cf936a48c5152abdd8c1049ac4dbdfbb0448a068f7719fefbaf836bd0f70287
SSDEEP

1536:GqjrbfTIKriFDa4gZQP8vkZFHyY+cHyHPr+WOeed8n0xxMmiCsNFPVYLf0:GorbfT+dgXcfHBHyHPCeN0xxMm1sN1Vd

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

93.123.39.12:666

Targets

- Target
  
  cc7a891469a6fb66efdd23e8ae8cbb951792903c7c3b4532064ba14679c67733.elf
- Size
  
  85KB
- MD5
  
  286c39a84fa1ac70d60eea4483d24ea5
- SHA1
  
  418669bb0c04642cd8b0b59d4f344d132ef78384
- SHA256
  
  cc7a891469a6fb66efdd23e8ae8cbb951792903c7c3b4532064ba14679c67733
- SHA512
  
  77e5bfcffc1b2bc911f0bebea2c59a2ed9cd3a2d5c1c056d52e8c889b642e4c72cf936a48c5152abdd8c1049ac4dbdfbb0448a068f7719fefbaf836bd0f70287
- SSDEEP
  
  1536:GqjrbfTIKriFDa4gZQP8vkZFHyY+cHyHPr+WOeed8n0xxMmiCsNFPVYLf0:GorbfT+dgXcfHBHyHPCeN0xxMm1sN1Vd
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1