gafgyt | 3ded16aac8577802f58a1e7caeaaac08de86b990e91257c6c6b3b3078a8b46a8 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

342019476b19c25923cb5da31f04f868.bin
Size

57KB
Sample

241015-bhck2szdkj
MD5

c784827d8f2ab2d65b62937420fbf85a
SHA1

76424b1ac369183823bae417df220316d14632a5
SHA256

3ded16aac8577802f58a1e7caeaaac08de86b990e91257c6c6b3b3078a8b46a8
SHA512

3badd166822df146d49bd24903cf3963c9e2938c4048f21ef16376695a4af57735ba6f1c19fa3f4d0245d47a21a5c580834a221cf7e2e85d7cde1c873d87db5f
SSDEEP

768:Crz/7EIV12gDZLZa4qQVbeBigq9i80sJOeleyCVW7WnImbBsuM0lt6HGTrdQCRJC:Kz/xGgFAaZeIBBYele5pYawGXdQjv

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.167:77

Targets

- Target
  
  280f5b74312b44b8c49f000ff3f8f5eecefa9d4ee52640e40294f3535773a6f5.elf
- Size
  
  139KB
- MD5
  
  342019476b19c25923cb5da31f04f868
- SHA1
  
  7913e068e853e07947e33ae963d2b102f5b3a07f
- SHA256
  
  280f5b74312b44b8c49f000ff3f8f5eecefa9d4ee52640e40294f3535773a6f5
- SHA512
  
  6969a2c7412c3370e9c0160e1c5f6fae3ab0ca81665c2c054fdbd5a3ca0e7d50f9ee88760684a92ef14ddfe2c69d7f05314e91ecc12052394a699990297d2c50
- SSDEEP
  
  3072:yclx0/BSAMipV3SwwaY5zjv5h6Naqb0mJswdytNr9:y3tD3wjv5hv7mJswdytNr9
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1