gafgyt | a05f4d4987199b0208f6ed8f67ce464a362570f7d765bfc072b6f61ff8722b1d | Triage

Sharing

General

Target

a05f4d4987199b0208f6ed8f67ce464a362570f7d765bfc072b6f61ff8722b1d.elf
Size

204KB
Sample

241022-b6dg9azbqe
MD5

6bc84ddf319d3c9b97222b3a347b07cc
SHA1

f2b219a8282db397b26015429719c2aaa9a52a21
SHA256

a05f4d4987199b0208f6ed8f67ce464a362570f7d765bfc072b6f61ff8722b1d
SHA512

ebdd1de6e7144cfb39acf9fbddfbe14e5b1b12396cfdf69e7bf9e1a0ba69b5c9b7b59c2afe7abab499cb4632adbb1f9fe89be716d30aa70f200783e8b6f0dbc9
SSDEEP

6144:FZzyacCwXJ4DbpW0vv5hbL6+uM/9Ocgym0wfB5RyAn:FZzyacCwXJ4gE5hbvf/dgym0mB5RyAn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

159.100.14.37:6060

Targets

- Target
  
  a05f4d4987199b0208f6ed8f67ce464a362570f7d765bfc072b6f61ff8722b1d.elf
- Size
  
  204KB
- MD5
  
  6bc84ddf319d3c9b97222b3a347b07cc
- SHA1
  
  f2b219a8282db397b26015429719c2aaa9a52a21
- SHA256
  
  a05f4d4987199b0208f6ed8f67ce464a362570f7d765bfc072b6f61ff8722b1d
- SHA512
  
  ebdd1de6e7144cfb39acf9fbddfbe14e5b1b12396cfdf69e7bf9e1a0ba69b5c9b7b59c2afe7abab499cb4632adbb1f9fe89be716d30aa70f200783e8b6f0dbc9
- SSDEEP
  
  6144:FZzyacCwXJ4DbpW0vv5hbL6+uM/9Ocgym0wfB5RyAn:FZzyacCwXJ4gE5hbvf/dgym0mB5RyAn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1