gafgyt | c977d2cd4f7b6099d9a26b0bdc6b928bf6bb585146c47a7f75720a30f0e081e9 | Triage

Sharing

General

Target

7e6bbf7c20bbececd9411b74fcec3fbc.elf
Size

106KB
Sample

240705-jrjdysvcqq
MD5

7e6bbf7c20bbececd9411b74fcec3fbc
SHA1

f6804e818bea0cc19fe74993c2f0fb0cfd5c7f13
SHA256

c977d2cd4f7b6099d9a26b0bdc6b928bf6bb585146c47a7f75720a30f0e081e9
SHA512

28868ce06849ae878147e4510324ccca090bc97fe3f1ad0fb4a9ae380a4a3affe22a011cfd4c6cba49cd4c53c2d78e0dfdb8cdae1360d0d9b26ad1d3a95343c2
SSDEEP

3072:j6dye4BmJQCphaZw/1vc45AzkSXmdRWaLHgb4:dCphaZcErmdRWaDgb4

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

164.90.201.215:4258

Targets

- Target
  
  7e6bbf7c20bbececd9411b74fcec3fbc.elf
- Size
  
  106KB
- MD5
  
  7e6bbf7c20bbececd9411b74fcec3fbc
- SHA1
  
  f6804e818bea0cc19fe74993c2f0fb0cfd5c7f13
- SHA256
  
  c977d2cd4f7b6099d9a26b0bdc6b928bf6bb585146c47a7f75720a30f0e081e9
- SHA512
  
  28868ce06849ae878147e4510324ccca090bc97fe3f1ad0fb4a9ae380a4a3affe22a011cfd4c6cba49cd4c53c2d78e0dfdb8cdae1360d0d9b26ad1d3a95343c2
- SSDEEP
  
  3072:j6dye4BmJQCphaZw/1vc45AzkSXmdRWaLHgb4:dCphaZcErmdRWaDgb4
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1