gafgyt | d6ec2fde9872ae4f4d4d6c3541a8a10a17866f803e3873de33c9ff1a288112a6 | Triage

Sharing

General

Target

d6ec2fde9872ae4f4d4d6c3541a8a10a17866f803e3873de33c9ff1a288112a6.elf
Size

209KB
Sample

241110-dkn3za1mhm
MD5

1279930d7f81b0d4e8314e471feab79e
SHA1

0c6668096fcdf644d2abd9a4e0b0cca402e822b6
SHA256

d6ec2fde9872ae4f4d4d6c3541a8a10a17866f803e3873de33c9ff1a288112a6
SHA512

12eb17072dd968689f5af608cbd0b3c0b21dd278179f18a5d966d32b1cde3218ed2147e2679dcd18605439aa8a48c9628795fa88f2153911cef123e490db4d8a
SSDEEP

3072:RyPYQNMw0dvx3KNvaqS2Xfa8fUh55gkAgrZT8rTakEzsIX3ZLe5hUkcH97UomrpD:05SVnZLe5hUHmrpy6n9Nn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

31.172.80.237:706

Targets

- Target
  
  d6ec2fde9872ae4f4d4d6c3541a8a10a17866f803e3873de33c9ff1a288112a6.elf
- Size
  
  209KB
- MD5
  
  1279930d7f81b0d4e8314e471feab79e
- SHA1
  
  0c6668096fcdf644d2abd9a4e0b0cca402e822b6
- SHA256
  
  d6ec2fde9872ae4f4d4d6c3541a8a10a17866f803e3873de33c9ff1a288112a6
- SHA512
  
  12eb17072dd968689f5af608cbd0b3c0b21dd278179f18a5d966d32b1cde3218ed2147e2679dcd18605439aa8a48c9628795fa88f2153911cef123e490db4d8a
- SSDEEP
  
  3072:RyPYQNMw0dvx3KNvaqS2Xfa8fUh55gkAgrZT8rTakEzsIX3ZLe5hUkcH97UomrpD:05SVnZLe5hUHmrpy6n9Nn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1