gafgyt | 7cf19e34eb148e9948c1ff732724e844ef06fa7e94b6b6f53356da0911f40a37 | Triage

Sharing

General

Target

7cf19e34eb148e9948c1ff732724e844ef06fa7e94b6b6f53356da0911f40a37.elf
Size

102KB
Sample

241114-c7b69axjcp
MD5

20e994693975f946d730733026aa9433
SHA1

0c0dc52db40a66a50dec9c94e3abb30cd3ed312c
SHA256

7cf19e34eb148e9948c1ff732724e844ef06fa7e94b6b6f53356da0911f40a37
SHA512

5cbd596ff002a1cbfbbfccb98df8f4834075fa4570cac56cf637a2774ce5189983c7cd187a9e22a7e396fc9a0d201c8cb0c311856f9420b17a60400d292a9847
SSDEEP

3072:pCi6VirwbYRTLL87rutAmpEqQ45vVXY0X:InbcPL87JmpEqQ45vVXY0X

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.78.76.132:839

Targets

- Target
  
  7cf19e34eb148e9948c1ff732724e844ef06fa7e94b6b6f53356da0911f40a37.elf
- Size
  
  102KB
- MD5
  
  20e994693975f946d730733026aa9433
- SHA1
  
  0c0dc52db40a66a50dec9c94e3abb30cd3ed312c
- SHA256
  
  7cf19e34eb148e9948c1ff732724e844ef06fa7e94b6b6f53356da0911f40a37
- SHA512
  
  5cbd596ff002a1cbfbbfccb98df8f4834075fa4570cac56cf637a2774ce5189983c7cd187a9e22a7e396fc9a0d201c8cb0c311856f9420b17a60400d292a9847
- SSDEEP
  
  3072:pCi6VirwbYRTLL87rutAmpEqQ45vVXY0X:InbcPL87JmpEqQ45vVXY0X
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1