gafgyt | b33fa8ea826ead4d17150ec493bae7f4c2f89c30fc16840addc5f225cb05a5d4 | Triage

Sharing

General

Target

b33fa8ea826ead4d17150ec493bae7f4c2f89c30fc16840addc5f225cb05a5d4.elf
Size

152KB
Sample

240713-nt39csyhnr
MD5

e444ff3dbabc6c9ada4b25ff27392831
SHA1

cd8ec0c32e45c6b7551750c6c8c026b96e0b6e5b
SHA256

b33fa8ea826ead4d17150ec493bae7f4c2f89c30fc16840addc5f225cb05a5d4
SHA512

ce2cffc06e37424b90010df012eeba1e7e7428e75d7be52ab1a2ce2e686682aae13b817cc7bcb46a6fd31607c9d715defcd1b59d6a1d46676e8351b5413c1e18
SSDEEP

3072:tdntU2haO5H1XacBoGmh9H5U5hDiGWWmV7f9T637m5wTsL/Qpyn:ntVhaO5H1qEc9Hi5hDiGWWmV7l+7m5wS

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

103.28.33.98:4258

Targets

- Target
  
  b33fa8ea826ead4d17150ec493bae7f4c2f89c30fc16840addc5f225cb05a5d4.elf
- Size
  
  152KB
- MD5
  
  e444ff3dbabc6c9ada4b25ff27392831
- SHA1
  
  cd8ec0c32e45c6b7551750c6c8c026b96e0b6e5b
- SHA256
  
  b33fa8ea826ead4d17150ec493bae7f4c2f89c30fc16840addc5f225cb05a5d4
- SHA512
  
  ce2cffc06e37424b90010df012eeba1e7e7428e75d7be52ab1a2ce2e686682aae13b817cc7bcb46a6fd31607c9d715defcd1b59d6a1d46676e8351b5413c1e18
- SSDEEP
  
  3072:tdntU2haO5H1XacBoGmh9H5U5hDiGWWmV7f9T637m5wTsL/Qpyn:ntVhaO5H1qEc9Hi5hDiGWWmV7l+7m5wS
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1