gafgyt | 5ea7c3c5d2b9ff8eac785f6aee45c4618227ef57ad05ad3326c22ed02cb8ffce | Triage

Sharing

General

Target

tyo2831qq.x32.elf
Size

139KB
Sample

241109-erecsaxdrk
MD5

fd721aaca41f4443aca82c6682ea561b
SHA1

a237acc4f36ef85e16d69182cc58cdcc9b180d8f
SHA256

5ea7c3c5d2b9ff8eac785f6aee45c4618227ef57ad05ad3326c22ed02cb8ffce
SHA512

f3b0ae31ffb9e7139aae94b2928785b9e76a7c5fc603240bc6fd1abfe8b4131c7f1f0a53c38b6f2e7fc1d12244d33e8d23ff6f86e4f9452c602c3aff7900440d
SSDEEP

3072:aJFLY5K5P9Gx4wSA8YAg7On5hTEZmJswdytNr9:aN0bbOn5hTEZmJswdytNr9

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

31.172.80.237:706

Targets

- Target
  
  tyo2831qq.x32.elf
- Size
  
  139KB
- MD5
  
  fd721aaca41f4443aca82c6682ea561b
- SHA1
  
  a237acc4f36ef85e16d69182cc58cdcc9b180d8f
- SHA256
  
  5ea7c3c5d2b9ff8eac785f6aee45c4618227ef57ad05ad3326c22ed02cb8ffce
- SHA512
  
  f3b0ae31ffb9e7139aae94b2928785b9e76a7c5fc603240bc6fd1abfe8b4131c7f1f0a53c38b6f2e7fc1d12244d33e8d23ff6f86e4f9452c602c3aff7900440d
- SSDEEP
  
  3072:aJFLY5K5P9Gx4wSA8YAg7On5hTEZmJswdytNr9:aN0bbOn5hTEZmJswdytNr9
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1