gafgyt | 927f671d4d3015a3483506301ae84de6d9d612c2a814ca3bcf25ad08faaa7d58 | Triage

Sharing

General

Target

927f671d4d3015a3483506301ae84de6d9d612c2a814ca3bcf25ad08faaa7d58.elf
Size

155KB
Sample

241018-cnccxa1bkc
MD5

a737079d1105de76ba6d3fa7bfd52d0d
SHA1

c2b496031a229044b0492b01425208e35f4d9156
SHA256

927f671d4d3015a3483506301ae84de6d9d612c2a814ca3bcf25ad08faaa7d58
SHA512

7a44ed95b7409c7c93e04da213da6655d546ea763a477dec1e4e3a1bb4de4bfba832ec440bc477ee71fa20278b16133ea211ea0528319156da6f87c793c715f2
SSDEEP

3072:a8L2FlZkCzC2TCX5hGhfFphahpCn38n9VAlZn31mBT38dAY4:Mr1Fphabkm6lmBT38dAY4

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

87.120.112.102:876

Targets

- Target
  
  927f671d4d3015a3483506301ae84de6d9d612c2a814ca3bcf25ad08faaa7d58.elf
- Size
  
  155KB
- MD5
  
  a737079d1105de76ba6d3fa7bfd52d0d
- SHA1
  
  c2b496031a229044b0492b01425208e35f4d9156
- SHA256
  
  927f671d4d3015a3483506301ae84de6d9d612c2a814ca3bcf25ad08faaa7d58
- SHA512
  
  7a44ed95b7409c7c93e04da213da6655d546ea763a477dec1e4e3a1bb4de4bfba832ec440bc477ee71fa20278b16133ea211ea0528319156da6f87c793c715f2
- SSDEEP
  
  3072:a8L2FlZkCzC2TCX5hGhfFphahpCn38n9VAlZn31mBT38dAY4:Mr1Fphabkm6lmBT38dAY4
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1