gafgyt | baf321c3e5f72913f7e877b092e1ce56d26a00f610fab4ca5690ee1f30017420 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

na.elf
Size

167KB
Sample

241013-w4bwvs1dld
MD5

dac3eb579ee4dca5d51f0bb74d4a519c
SHA1

1c63b87e63f63edd047944349f71a1aa938043be
SHA256

baf321c3e5f72913f7e877b092e1ce56d26a00f610fab4ca5690ee1f30017420
SHA512

722ff540436c2afdc1c774e982c418daa7dfa2d72afec6e193e060f64fc845cc57e4c6069be1a451c7b5b30bcbc100f6eb2a4bee12d158b23107360c1b9a83b9
SSDEEP

3072:Bdy8WoZkeDGOvvlIAFZ3U5c0xkuQn3s5h1X7cKUmSQnNbGUBn:bZv9KBxkuQ3s5h1X7xUmSQnNbGUBn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.167:77

Targets

- Target
  
  na.elf
- Size
  
  167KB
- MD5
  
  dac3eb579ee4dca5d51f0bb74d4a519c
- SHA1
  
  1c63b87e63f63edd047944349f71a1aa938043be
- SHA256
  
  baf321c3e5f72913f7e877b092e1ce56d26a00f610fab4ca5690ee1f30017420
- SHA512
  
  722ff540436c2afdc1c774e982c418daa7dfa2d72afec6e193e060f64fc845cc57e4c6069be1a451c7b5b30bcbc100f6eb2a4bee12d158b23107360c1b9a83b9
- SSDEEP
  
  3072:Bdy8WoZkeDGOvvlIAFZ3U5c0xkuQn3s5h1X7cKUmSQnNbGUBn:bZv9KBxkuQ3s5h1X7xUmSQnNbGUBn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1