gafgyt | aa0394340331b8f37a2f31e55358a96c2c658c145fcd0fa85ec47b37297ed6b8 | Triage

Sharing

General

Target

rebirth.i686
Size

85KB
Sample

241018-zmj3pazbmj
MD5

2407ffaf452e8919a7a4a7ac4255e5bf
SHA1

19c0af29cadd170ec4bd252e6fd25bcdab93cd88
SHA256

aa0394340331b8f37a2f31e55358a96c2c658c145fcd0fa85ec47b37297ed6b8
SHA512

674bc026c16e0fe84f3fa7ce1591ff5374535e2b9108f31a7f25885da7018a1ecc6a9ed0b8b3b826dc327b68461414c1b7453ebe81d8f94d3175d121ac8b295e
SSDEEP

1536:13ovA5aSOzS5EERf1SmycEwf5v4MLpi3F6+m5CsNFPVYLf0:JwA5aS7mU9SncxxgMUF7mwsN1VYLf0

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

23.160.193.184:666

Targets

- Target
  
  rebirth.i686
- Size
  
  85KB
- MD5
  
  2407ffaf452e8919a7a4a7ac4255e5bf
- SHA1
  
  19c0af29cadd170ec4bd252e6fd25bcdab93cd88
- SHA256
  
  aa0394340331b8f37a2f31e55358a96c2c658c145fcd0fa85ec47b37297ed6b8
- SHA512
  
  674bc026c16e0fe84f3fa7ce1591ff5374535e2b9108f31a7f25885da7018a1ecc6a9ed0b8b3b826dc327b68461414c1b7453ebe81d8f94d3175d121ac8b295e
- SSDEEP
  
  1536:13ovA5aSOzS5EERf1SmycEwf5v4MLpi3F6+m5CsNFPVYLf0:JwA5aS7mU9SncxxgMUF7mwsN1VYLf0
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1