gafgyt | 3f14521d684af668666b225673239d601952f0458046a8bacebdc34f71367c94 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0ea4d6fd7a3f190ca6c62926259af346.elf
Size

112KB
Sample

240719-l7c8zsvhqk
MD5

0ea4d6fd7a3f190ca6c62926259af346
SHA1

a3382e286c678ea651b42209dfce11363ff1caa0
SHA256

3f14521d684af668666b225673239d601952f0458046a8bacebdc34f71367c94
SHA512

a1f842ec43f8303388825bdd297d5d70276824621d4cf68ad05f4cc93d76fee4ae4d8527c16ea6e7e2a68b1e70873a63851809bbf838a9d799a446d5739d8036
SSDEEP

3072:7rfMt6MUEproqU5hY1zVKdwwzF9GhsRiAe:3vMzproqU5hYNVKdwwzF9GhsRiAe

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

37.156.29.141:4258

Targets

- Target
  
  0ea4d6fd7a3f190ca6c62926259af346.elf
- Size
  
  112KB
- MD5
  
  0ea4d6fd7a3f190ca6c62926259af346
- SHA1
  
  a3382e286c678ea651b42209dfce11363ff1caa0
- SHA256
  
  3f14521d684af668666b225673239d601952f0458046a8bacebdc34f71367c94
- SHA512
  
  a1f842ec43f8303388825bdd297d5d70276824621d4cf68ad05f4cc93d76fee4ae4d8527c16ea6e7e2a68b1e70873a63851809bbf838a9d799a446d5739d8036
- SSDEEP
  
  3072:7rfMt6MUEproqU5hY1zVKdwwzF9GhsRiAe:3vMzproqU5hYNVKdwwzF9GhsRiAe
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1