gafgyt | a4bd519fe1220ed758336a19e1a1ff922d727d3db3eea8c66ab412cf259d5cd5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4bd519fe1220ed758336a19e1a1ff922d727d3db3eea8c66ab412cf259d5cd5.elf
Size

150KB
Sample

240708-t2hkhsxgrp
MD5

1f929431fbac001c8df984490aaf2e55
SHA1

44f9b13e68c1d9c574eb9ec0c7edac25f0b7ea1a
SHA256

a4bd519fe1220ed758336a19e1a1ff922d727d3db3eea8c66ab412cf259d5cd5
SHA512

4972f737388f463338a9470bb320b29fd580f0b24902081f7e9e09d7810ecfe39e90b002b56a7d83f57a8031da030a84fd42a1615df482868d5ed2ee01d1dd30
SSDEEP

3072:Tdbmn8aAEHqgSkano1DTAe5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDTv5hWTGZWYxVldmpwTsLS

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

38.58.177.229:4258

Targets

- Target
  
  a4bd519fe1220ed758336a19e1a1ff922d727d3db3eea8c66ab412cf259d5cd5.elf
- Size
  
  150KB
- MD5
  
  1f929431fbac001c8df984490aaf2e55
- SHA1
  
  44f9b13e68c1d9c574eb9ec0c7edac25f0b7ea1a
- SHA256
  
  a4bd519fe1220ed758336a19e1a1ff922d727d3db3eea8c66ab412cf259d5cd5
- SHA512
  
  4972f737388f463338a9470bb320b29fd580f0b24902081f7e9e09d7810ecfe39e90b002b56a7d83f57a8031da030a84fd42a1615df482868d5ed2ee01d1dd30
- SSDEEP
  
  3072:Tdbmn8aAEHqgSkano1DTAe5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDTv5hWTGZWYxVldmpwTsLS
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1