gafgyt | 7e2c13a81a1dd08b19118e6cce6539a1515ee4343814ec1a222b9052141ae645 | Triage

Sharing

General

Target

7e2c13a81a1dd08b19118e6cce6539a1515ee4343814ec1a222b9052141ae645.elf
Size

135KB
Sample

241110-c4sd3axfmq
MD5

7dc50ff36916e43f873eecfd45f21d21
SHA1

9b73974ecab4aedb14084512232f065195f6e606
SHA256

7e2c13a81a1dd08b19118e6cce6539a1515ee4343814ec1a222b9052141ae645
SHA512

c76983132989fc55e4d6cb8272a93a55537c7a99d54028836894e6384550597806fe954036818a909313209a4e237e5fc438437e801888b95e2ea44a6fad51ed
SSDEEP

3072:rVMhE/UUDUiUTUWUDUdc3PMwfhqc+TWxE4XPA5hbkdmJswdytNr9:rV/UQrWJ6Kc/Mwf2T4E4Xo5hbkdmJswE

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

31.172.80.237:706

Targets

- Target
  
  7e2c13a81a1dd08b19118e6cce6539a1515ee4343814ec1a222b9052141ae645.elf
- Size
  
  135KB
- MD5
  
  7dc50ff36916e43f873eecfd45f21d21
- SHA1
  
  9b73974ecab4aedb14084512232f065195f6e606
- SHA256
  
  7e2c13a81a1dd08b19118e6cce6539a1515ee4343814ec1a222b9052141ae645
- SHA512
  
  c76983132989fc55e4d6cb8272a93a55537c7a99d54028836894e6384550597806fe954036818a909313209a4e237e5fc438437e801888b95e2ea44a6fad51ed
- SSDEEP
  
  3072:rVMhE/UUDUiUTUWUDUdc3PMwfhqc+TWxE4XPA5hbkdmJswdytNr9:rV/UQrWJ6Kc/Mwf2T4E4Xo5hbkdmJswE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1