gafgyt | 228656f2137b314bba6e8dc4b0ed34790022b4c4470a3be2b0bd4fe9a3ec7b56 | Triage

Sharing

General

Target

228656f2137b314bba6e8dc4b0ed34790022b4c4470a3be2b0bd4fe9a3ec7b56.elf
Size

161KB
Sample

241114-cmxmfstamf
MD5

a3f23ff0b67c0cb7962b77070cf30dfd
SHA1

ba2d8bbfc08f4b618f488be440e173ea7119a84b
SHA256

228656f2137b314bba6e8dc4b0ed34790022b4c4470a3be2b0bd4fe9a3ec7b56
SHA512

f745db5bb2501462b8788a2000215f76460a4e3cc7fc144398eaaa64b37629a5fe0fb86aab6f7a3003c2d7849bb6165acf298593bb3a587c37f386c402ee0052
SSDEEP

3072:AdkbJBagqhj7yLWcugMcrSlLnpQEM/9q4MCmpwfFRQfVE:MkNBagqhjWLycrQLnpzM/95MCmpwfFau

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.78.76.132:839

Targets

- Target
  
  228656f2137b314bba6e8dc4b0ed34790022b4c4470a3be2b0bd4fe9a3ec7b56.elf
- Size
  
  161KB
- MD5
  
  a3f23ff0b67c0cb7962b77070cf30dfd
- SHA1
  
  ba2d8bbfc08f4b618f488be440e173ea7119a84b
- SHA256
  
  228656f2137b314bba6e8dc4b0ed34790022b4c4470a3be2b0bd4fe9a3ec7b56
- SHA512
  
  f745db5bb2501462b8788a2000215f76460a4e3cc7fc144398eaaa64b37629a5fe0fb86aab6f7a3003c2d7849bb6165acf298593bb3a587c37f386c402ee0052
- SSDEEP
  
  3072:AdkbJBagqhj7yLWcugMcrSlLnpQEM/9q4MCmpwfFRQfVE:MkNBagqhjWLycrQLnpzM/95MCmpwfFau
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1