gafgyt | a18f2512a9fc3e7be428fe1b98c61d3c3b5f84914192dcfa134dc52c369234ee | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dd684a97f43412babe45578e68f8d789.bin
Size

50KB
Sample

240630-epynmstelg
MD5

dfaa0088da88cb6fa288f4742cfa8b99
SHA1

e687d2013ed2172819a0fe549649244618ba29a7
SHA256

a18f2512a9fc3e7be428fe1b98c61d3c3b5f84914192dcfa134dc52c369234ee
SHA512

0f75cd92d3d0f9583f6b0dbd607ce21734f26859b7ed510b599e331c179377f6aab2a1cff94025f6d644e4561e6b1cf5f81004e8d737b8511706b184e7f35d87
SSDEEP

1536:T7poO8Ri10sRPdBSZpQCfgdJwYFnsOqms:z8Ri15dcbufFnsOq7

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

176.97.114.45:666

Targets

- Target
  
  03be42f6edfd27ccd5797ed071819b066c0e49743bce1c1170191de3de6b9dde.elf
- Size
  
  136KB
- MD5
  
  dd684a97f43412babe45578e68f8d789
- SHA1
  
  f3d3dda6d7d3b2a482510e0e1f244a240767e1a2
- SHA256
  
  03be42f6edfd27ccd5797ed071819b066c0e49743bce1c1170191de3de6b9dde
- SHA512
  
  f338c1f0606401193194f37dfde0415f7699ce0b3346e226a8a1df51af1260aa2428846e58fd907bc7381d6984f0226f1dfaf090fc9cd9df587d5008aa2010db
- SSDEEP
  
  1536:wHf2lkeVau3uaiIF2rK3V64Fi8HpoZceeQnudfQzgpMx725QlfDsXbmnLakm/KBm:3hb6ZceeQud9pMFrsXEnmCBgAYiCh
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1