gafgyt | 8e4b3d0b1a87e6d495a4005f59a11f9dc709fbb66b0ee71c6bf5bfaeeb2d54e8 | Triage

Sharing

General

Target

8e4b3d0b1a87e6d495a4005f59a11f9dc709fbb66b0ee71c6bf5bfaeeb2d54e8.elf
Size

183KB
Sample

241022-b21f8a1epp
MD5

b0b96fa28f077b78955b133f3fd34098
SHA1

258334880651e341eef0157d285741fe71d9becc
SHA256

8e4b3d0b1a87e6d495a4005f59a11f9dc709fbb66b0ee71c6bf5bfaeeb2d54e8
SHA512

b6e9b46a50618808cb860fb2b72c2b2893827b890afdbc72377b28ccc508f1c68d058909ee0bb87646a87f9cd6656ee8831a58ad773d0203a17da8a4a98a118f
SSDEEP

3072:aaF7XSy6Cv9RDo5hCs1ZQhmv8uqx1BVnKoe:aICGVFo5hCZhmv8uqx1BVnKoe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

159.100.14.37:6060

Targets

- Target
  
  8e4b3d0b1a87e6d495a4005f59a11f9dc709fbb66b0ee71c6bf5bfaeeb2d54e8.elf
- Size
  
  183KB
- MD5
  
  b0b96fa28f077b78955b133f3fd34098
- SHA1
  
  258334880651e341eef0157d285741fe71d9becc
- SHA256
  
  8e4b3d0b1a87e6d495a4005f59a11f9dc709fbb66b0ee71c6bf5bfaeeb2d54e8
- SHA512
  
  b6e9b46a50618808cb860fb2b72c2b2893827b890afdbc72377b28ccc508f1c68d058909ee0bb87646a87f9cd6656ee8831a58ad773d0203a17da8a4a98a118f
- SSDEEP
  
  3072:aaF7XSy6Cv9RDo5hCs1ZQhmv8uqx1BVnKoe:aICGVFo5hCZhmv8uqx1BVnKoe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1