gafgyt | ade59a49f2512e8acb3bc21e00ae64f98fb335ae74f1cbe6a4e25fb84dc9cac4 | Triage

Sharing

General

Target

ade59a49f2512e8acb3bc21e00ae64f98fb335ae74f1cbe6a4e25fb84dc9cac4.elf
Size

124KB
Sample

241114-dfjmpasqct
MD5

977b6bed4d30d21b9e9e9dc193fc782f
SHA1

596394c83e2c73db41351cccdc856b3eeb173456
SHA256

ade59a49f2512e8acb3bc21e00ae64f98fb335ae74f1cbe6a4e25fb84dc9cac4
SHA512

07e5f8dde2f22c298bd9cc038094e39c343204ae0ec2751b0f4a6078f5bcf92af32ebd014833718cf72a862701a4f119ae839880397e96202a555cad691b3b7e
SSDEEP

3072:KdB2qwap6KVXPi4jv8x+xMDkmDhZmTQOIsXAqE:aRwap6Kt6+xMDHZmTQOICAqE

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.78.76.132:839

Targets

- Target
  
  ade59a49f2512e8acb3bc21e00ae64f98fb335ae74f1cbe6a4e25fb84dc9cac4.elf
- Size
  
  124KB
- MD5
  
  977b6bed4d30d21b9e9e9dc193fc782f
- SHA1
  
  596394c83e2c73db41351cccdc856b3eeb173456
- SHA256
  
  ade59a49f2512e8acb3bc21e00ae64f98fb335ae74f1cbe6a4e25fb84dc9cac4
- SHA512
  
  07e5f8dde2f22c298bd9cc038094e39c343204ae0ec2751b0f4a6078f5bcf92af32ebd014833718cf72a862701a4f119ae839880397e96202a555cad691b3b7e
- SSDEEP
  
  3072:KdB2qwap6KVXPi4jv8x+xMDkmDhZmTQOIsXAqE:aRwap6Kt6+xMDHZmTQOICAqE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1