gafgyt | bfeb5a2b1f4fa27d6a6b39ff7ec95c7a43776c7375d4eb841451def07da3a69c | Triage

Sharing

General

Target

bfeb5a2b1f4fa27d6a6b39ff7ec95c7a43776c7375d4eb841451def07da3a69c.elf
Size

120KB
Sample

241022-b984bszemh
MD5

e759a024f5d50aa9e85b99655738a9f3
SHA1

a9580f0f57422e0e213300d04d9054b2765729ae
SHA256

bfeb5a2b1f4fa27d6a6b39ff7ec95c7a43776c7375d4eb841451def07da3a69c
SHA512

5b020179c877a33b9e4dc422d9920558299674429a36edf19e533b01730f2a707bf0457d08fb3147a2f03403aaa69dfbb26cd307d7f64843115ab275c75f136c
SSDEEP

3072:SNhAfn3U8UXULUwUbUJ1hYlHRRDsBOnRG5hgkEemJC0OzQaGyPZk:SMf3ts05gehYlxO4RG5hgEmJC0OzQaGN

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

159.100.14.37:6060

Targets

- Target
  
  bfeb5a2b1f4fa27d6a6b39ff7ec95c7a43776c7375d4eb841451def07da3a69c.elf
- Size
  
  120KB
- MD5
  
  e759a024f5d50aa9e85b99655738a9f3
- SHA1
  
  a9580f0f57422e0e213300d04d9054b2765729ae
- SHA256
  
  bfeb5a2b1f4fa27d6a6b39ff7ec95c7a43776c7375d4eb841451def07da3a69c
- SHA512
  
  5b020179c877a33b9e4dc422d9920558299674429a36edf19e533b01730f2a707bf0457d08fb3147a2f03403aaa69dfbb26cd307d7f64843115ab275c75f136c
- SSDEEP
  
  3072:SNhAfn3U8UXULUwUbUJ1hYlHRRDsBOnRG5hgkEemJC0OzQaGyPZk:SMf3ts05gehYlxO4RG5hgEmJC0OzQaGN
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1