gafgyt | 19d01e944b91478df283f68b18f87c0a2366db50a60c861083ea24e05db698df | Triage

Sharing

General

Target

wget.elf
Size

122KB
Sample

241111-r73frszhlq
MD5

2929269020e09c372861ea718c97781e
SHA1

9850ee12342a57c760957892609c6c42f3acf3ed
SHA256

19d01e944b91478df283f68b18f87c0a2366db50a60c861083ea24e05db698df
SHA512

1a667987a534ce682a80ff456ae0adf2418418eed323c974d2021dffce8df51942af1037f1780056fb6b332929934046f0b3953ae0585b914796bc611bb31bf4
SSDEEP

3072:lRjQpirsWaYsQp6+i8betJ8add9QzTsNuKZzLg4NKcXeGcgqGK:lRMQo+i8betJ8addQouKdLg4NKcXdcgi

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.201:23

Targets

- Target
  
  wget.elf
- Size
  
  122KB
- MD5
  
  2929269020e09c372861ea718c97781e
- SHA1
  
  9850ee12342a57c760957892609c6c42f3acf3ed
- SHA256
  
  19d01e944b91478df283f68b18f87c0a2366db50a60c861083ea24e05db698df
- SHA512
  
  1a667987a534ce682a80ff456ae0adf2418418eed323c974d2021dffce8df51942af1037f1780056fb6b332929934046f0b3953ae0585b914796bc611bb31bf4
- SSDEEP
  
  3072:lRjQpirsWaYsQp6+i8betJ8add9QzTsNuKZzLg4NKcXeGcgqGK:lRMQo+i8betJ8addQouKdLg4NKcXdcgi
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1