gafgyt | 315d24584e74088b5d651e260d75e871d99c5507ff693ab3a22fb99fd0d3e50e | Triage

Sharing

General

Target

315d24584e74088b5d651e260d75e871d99c5507ff693ab3a22fb99fd0d3e50e.elf
Size

124KB
Sample

241114-cq3ymssmcx
MD5

5e47686bec1c0c11ff3352d66552edf1
SHA1

ef7c26f1a0562f915fed9d5a15bf0c0093039402
SHA256

315d24584e74088b5d651e260d75e871d99c5507ff693ab3a22fb99fd0d3e50e
SHA512

bf0de9c121793b4c9267b8cb7ea7fddfa9568e78f247146eac868b22f1e0371728536905a883d00d5e84f890207a9e7cdecdd500f6b3537fd662d1f46cf8fc16
SSDEEP

3072:odiqauNU2VS2BZQdpApDdy/wG6kiA5+ZmTQOIsXAqE:0iqauNU2EpApDsZ+ZmTQOICAqE

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.78.76.132:839

Targets

- Target
  
  315d24584e74088b5d651e260d75e871d99c5507ff693ab3a22fb99fd0d3e50e.elf
- Size
  
  124KB
- MD5
  
  5e47686bec1c0c11ff3352d66552edf1
- SHA1
  
  ef7c26f1a0562f915fed9d5a15bf0c0093039402
- SHA256
  
  315d24584e74088b5d651e260d75e871d99c5507ff693ab3a22fb99fd0d3e50e
- SHA512
  
  bf0de9c121793b4c9267b8cb7ea7fddfa9568e78f247146eac868b22f1e0371728536905a883d00d5e84f890207a9e7cdecdd500f6b3537fd662d1f46cf8fc16
- SSDEEP
  
  3072:odiqauNU2VS2BZQdpApDdy/wG6kiA5+ZmTQOIsXAqE:0iqauNU2EpApDsZ+ZmTQOICAqE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1