gafgyt | 6dba065ad1b95ca96e5f8be6007c9e9a903a9d5124c9de28212a3e8a5d89be27 | Triage

Sharing

General

Target

i686.elf
Size

124KB
Sample

241021-pmspqavhqm
MD5

70dbfbc061b7aff5d05edbd602cca932
SHA1

bff33a8de5269771ba0964f19af29d86c89574fb
SHA256

6dba065ad1b95ca96e5f8be6007c9e9a903a9d5124c9de28212a3e8a5d89be27
SHA512

574fb09328aa819b65f49675d4d5c90e1940d8f56d6529cd3f0b292837f466584a01c298a1f3b972f3448955374cdd5481c1009d53894cb569b17eff1a635462
SSDEEP

3072:EWpbc37+Qp2nrkGJc/D5h1Y7rCmJC0OzQaGyPZk:E9Lyc/D5h1XmJC0OzQaGyPZk

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

159.100.14.37:6060

Targets

- Target
  
  i686.elf
- Size
  
  124KB
- MD5
  
  70dbfbc061b7aff5d05edbd602cca932
- SHA1
  
  bff33a8de5269771ba0964f19af29d86c89574fb
- SHA256
  
  6dba065ad1b95ca96e5f8be6007c9e9a903a9d5124c9de28212a3e8a5d89be27
- SHA512
  
  574fb09328aa819b65f49675d4d5c90e1940d8f56d6529cd3f0b292837f466584a01c298a1f3b972f3448955374cdd5481c1009d53894cb569b17eff1a635462
- SSDEEP
  
  3072:EWpbc37+Qp2nrkGJc/D5h1Y7rCmJC0OzQaGyPZk:E9Lyc/D5h1XmJC0OzQaGyPZk
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1