gafgyt | f0b67349f5498e4638cba38fb3a0b2ebf3c951a6de893dd98d107e012e423f5e | Triage

Sharing

General

Target

x-8.6-.ISIS.elf
Size

97KB
Sample

241113-x28cqayanq
MD5

0c1626ed314f5a565543c4b176ba55ea
SHA1

e03ff1bd6921fd3b6785ed3635aa903a5cc60c68
SHA256

f0b67349f5498e4638cba38fb3a0b2ebf3c951a6de893dd98d107e012e423f5e
SHA512

63db2a24cf691de732a5627717927f053892f05d5b78373a8fd5e28eb6375e30b0c68743eb36f8400e68c540f5d91b3a7fa1987c4bd448ea7899ebef10077dd5
SSDEEP

3072:2K5ejA4jBzR89HOPQzM9FqVy1wi9vmrYuOHy+ZNzX:sHjB0uPQQv/9vmrYuOHy+ZNzX

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

185.78.76.132:839

Targets

- Target
  
  x-8.6-.ISIS.elf
- Size
  
  97KB
- MD5
  
  0c1626ed314f5a565543c4b176ba55ea
- SHA1
  
  e03ff1bd6921fd3b6785ed3635aa903a5cc60c68
- SHA256
  
  f0b67349f5498e4638cba38fb3a0b2ebf3c951a6de893dd98d107e012e423f5e
- SHA512
  
  63db2a24cf691de732a5627717927f053892f05d5b78373a8fd5e28eb6375e30b0c68743eb36f8400e68c540f5d91b3a7fa1987c4bd448ea7899ebef10077dd5
- SSDEEP
  
  3072:2K5ejA4jBzR89HOPQzM9FqVy1wi9vmrYuOHy+ZNzX:sHjB0uPQQv/9vmrYuOHy+ZNzX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1