gafgyt | 0ed7c92c832c1a9ac93891b4199a6dd8dc8f73edb60c75759349ff1d362e02b6 | Triage

Sharing

General

Target

0ed7c92c832c1a9ac93891b4199a6dd8dc8f73edb60c75759349ff1d362e02b6.elf
Size

143KB
Sample

241112-cg9d3avpbl
MD5

3d5b895c49817db7dfad1574226dcc31
SHA1

a86f02c6ffd51a5ec540a80d51358012ce0d1fde
SHA256

0ed7c92c832c1a9ac93891b4199a6dd8dc8f73edb60c75759349ff1d362e02b6
SHA512

c1ceffda5d67393f31ebe9d330b2fd6811b20a36b1c8d7bac6a9bb4e338ccd8e3b10a122c08226ef1e6318e899bb1f402f8aad63d9b2bad28672c044b67d4c24
SSDEEP

3072:OhRHih54YD1pMwNvaRt4JoI8B4wetJ8add9QzhsaG6xVDxagZ+TtX4TtQ6W8GoQq:QBt4JJ04wetJ8addQvG6VctX4TtQ6Wvq

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.201:23

Targets

- Target
  
  0ed7c92c832c1a9ac93891b4199a6dd8dc8f73edb60c75759349ff1d362e02b6.elf
- Size
  
  143KB
- MD5
  
  3d5b895c49817db7dfad1574226dcc31
- SHA1
  
  a86f02c6ffd51a5ec540a80d51358012ce0d1fde
- SHA256
  
  0ed7c92c832c1a9ac93891b4199a6dd8dc8f73edb60c75759349ff1d362e02b6
- SHA512
  
  c1ceffda5d67393f31ebe9d330b2fd6811b20a36b1c8d7bac6a9bb4e338ccd8e3b10a122c08226ef1e6318e899bb1f402f8aad63d9b2bad28672c044b67d4c24
- SSDEEP
  
  3072:OhRHih54YD1pMwNvaRt4JoI8B4wetJ8add9QzhsaG6xVDxagZ+TtX4TtQ6W8GoQq:QBt4JJ04wetJ8addQvG6VctX4TtQ6Wvq
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1