gafgyt | 4ce610b168c2a6ab098346b42b562a52914a96eedeff5374a557e2dacefbd6e5 | Triage

Sharing

General

Target

4ce610b168c2a6ab098346b42b562a52914a96eedeff5374a557e2dacefbd6e5.elf
Size

118KB
Sample

241110-cvbd7axflh
MD5

d62722670da8114c69286ab5037e7f00
SHA1

5af1b1a255b75ad4ce8c46a36082c09062c171cf
SHA256

4ce610b168c2a6ab098346b42b562a52914a96eedeff5374a557e2dacefbd6e5
SHA512

837ad93872d4a20fbc2c19a28571c8f80acf9cce5944a8c321b31c3c55299c477019c92764c64530d171b367b6d603d96382c6c13a188ab42806bacf28fa488e
SSDEEP

3072:ekYPUfsgnsb0J2ag/VfmkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0mkDy+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.232:12345

Targets

- Target
  
  4ce610b168c2a6ab098346b42b562a52914a96eedeff5374a557e2dacefbd6e5.elf
- Size
  
  118KB
- MD5
  
  d62722670da8114c69286ab5037e7f00
- SHA1
  
  5af1b1a255b75ad4ce8c46a36082c09062c171cf
- SHA256
  
  4ce610b168c2a6ab098346b42b562a52914a96eedeff5374a557e2dacefbd6e5
- SHA512
  
  837ad93872d4a20fbc2c19a28571c8f80acf9cce5944a8c321b31c3c55299c477019c92764c64530d171b367b6d603d96382c6c13a188ab42806bacf28fa488e
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/VfmkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0mkDy+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1