gafgyt | fb7fd2ad629ade161315ea04be9d47e94876316d6d1cdb430f40ef5da2683aea | Triage

Sharing

General

Target

fb7fd2ad629ade161315ea04be9d47e94876316d6d1cdb430f40ef5da2683aea.elf
Size

205KB
Sample

241019-c9pkcsvdpk
MD5

f59dfdc07c6118a80bc17a5ee22f73e9
SHA1

3cc0ba4ec22ec9bad32a17f3ebc2256c23a7439c
SHA256

fb7fd2ad629ade161315ea04be9d47e94876316d6d1cdb430f40ef5da2683aea
SHA512

ad151777e7a50e48b60f18adfe46c187af55e83e9fe15deb115d76175e14fd7281f3715f8ca7d651e6ebe7af4c182147ecc1208794fb0057724071177f6f467c
SSDEEP

6144:Fyoka9SMmxwi3IYvn5hPsu6PW4V7C6qm0wfB5RyAn:Fyoka9SMmxwzI5hPl63qm0mB5RyAn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

31.172.80.237:777

Targets

- Target
  
  fb7fd2ad629ade161315ea04be9d47e94876316d6d1cdb430f40ef5da2683aea.elf
- Size
  
  205KB
- MD5
  
  f59dfdc07c6118a80bc17a5ee22f73e9
- SHA1
  
  3cc0ba4ec22ec9bad32a17f3ebc2256c23a7439c
- SHA256
  
  fb7fd2ad629ade161315ea04be9d47e94876316d6d1cdb430f40ef5da2683aea
- SHA512
  
  ad151777e7a50e48b60f18adfe46c187af55e83e9fe15deb115d76175e14fd7281f3715f8ca7d651e6ebe7af4c182147ecc1208794fb0057724071177f6f467c
- SSDEEP
  
  6144:Fyoka9SMmxwi3IYvn5hPsu6PW4V7C6qm0wfB5RyAn:Fyoka9SMmxwzI5hPl63qm0mB5RyAn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1