gafgyt | f25934b9116049231880489714b6e607ad10cf80ec89185be9e05576653cd1b1 | Triage

Sharing

General

Target

f25934b9116049231880489714b6e607ad10cf80ec89185be9e05576653cd1b1.elf
Size

106KB
Sample

240823-mjjars1err
MD5

b41aa43a1f8d562b85891ff07e1f754a
SHA1

38e238fc28799ed173b337ba6369e4789df0d6d9
SHA256

f25934b9116049231880489714b6e607ad10cf80ec89185be9e05576653cd1b1
SHA512

fd7b2c8d32e86f369c78e98ff48e32ddde0d4d60815c819079a4027522d9890b1dd744774f030a285564063c1c3350f6deb0f23eb8b04e18cbc32600d7e08ecc
SSDEEP

3072:j6dye4BmJQlphaZw/1vc45AzkSXmdRWaLHgb4:dlphaZcErmdRWaDgb4

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

78.153.149.103:4258

Targets

- Target
  
  f25934b9116049231880489714b6e607ad10cf80ec89185be9e05576653cd1b1.elf
- Size
  
  106KB
- MD5
  
  b41aa43a1f8d562b85891ff07e1f754a
- SHA1
  
  38e238fc28799ed173b337ba6369e4789df0d6d9
- SHA256
  
  f25934b9116049231880489714b6e607ad10cf80ec89185be9e05576653cd1b1
- SHA512
  
  fd7b2c8d32e86f369c78e98ff48e32ddde0d4d60815c819079a4027522d9890b1dd744774f030a285564063c1c3350f6deb0f23eb8b04e18cbc32600d7e08ecc
- SSDEEP
  
  3072:j6dye4BmJQlphaZw/1vc45AzkSXmdRWaLHgb4:dlphaZcErmdRWaDgb4
Score

6^/10
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1