gafgyt | 2980b6a62ba1a8212f3130fb1f5ed865cf70d7dbb9b25b7fbf67f1657804c78c | Triage

Sharing

General

Target

2980b6a62ba1a8212f3130fb1f5ed865cf70d7dbb9b25b7fbf67f1657804c78c.elf
Size

156KB
Sample

241110-cmtkssxcml
MD5

9bbf396201ee10b5854027d89ce0c5b0
SHA1

6a091a6e7c5457adcbe94de8137b65383d664cc5
SHA256

2980b6a62ba1a8212f3130fb1f5ed865cf70d7dbb9b25b7fbf67f1657804c78c
SHA512

a0475c660ce4e4c0842199e709e3af0761d25bfe039efc3acd4aec9581156c7f41afec590d1515d8c14bb321de2b3e18e45ff33482fdebaf72c3e26a3fb68817
SSDEEP

3072:T1g2/eINNlzx2kkQCMOaQcvBBYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/vYnydM/9MmFwfBxE

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.232:12345

Targets

- Target
  
  2980b6a62ba1a8212f3130fb1f5ed865cf70d7dbb9b25b7fbf67f1657804c78c.elf
- Size
  
  156KB
- MD5
  
  9bbf396201ee10b5854027d89ce0c5b0
- SHA1
  
  6a091a6e7c5457adcbe94de8137b65383d664cc5
- SHA256
  
  2980b6a62ba1a8212f3130fb1f5ed865cf70d7dbb9b25b7fbf67f1657804c78c
- SHA512
  
  a0475c660ce4e4c0842199e709e3af0761d25bfe039efc3acd4aec9581156c7f41afec590d1515d8c14bb321de2b3e18e45ff33482fdebaf72c3e26a3fb68817
- SSDEEP
  
  3072:T1g2/eINNlzx2kkQCMOaQcvBBYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/vYnydM/9MmFwfBxE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1