gafgyt | fffb3e8ed151fcb149a90df25a9f5634845eb8faaa18ea214a47b5092eb2ea40 | Triage

Sharing

General

Target

fffb3e8ed151fcb149a90df25a9f5634845eb8faaa18ea214a47b5092eb2ea40.elf
Size

110KB
Sample

241114-dzhvhatgpq
MD5

90bdadbbd4ded70fff1855cacf413008
SHA1

2500c0d969f39385cb617fe8f5b1e36895556b54
SHA256

fffb3e8ed151fcb149a90df25a9f5634845eb8faaa18ea214a47b5092eb2ea40
SHA512

71cc303f927033eefed9de7365c6eb7f58246dc0cfbb526ff5e63114d42e0d037b7e9b42097cece54bf07aff80bd490fdd0df0ed873ad155dc04711afc1c6cd4
SSDEEP

3072:9lX2jKRi0ZDvCTpTv7DSubUmGVrQAXiUXouX:6j6ZUpTv7DImGVrQAXiUXouX

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.78.76.132:839

Targets

- Target
  
  fffb3e8ed151fcb149a90df25a9f5634845eb8faaa18ea214a47b5092eb2ea40.elf
- Size
  
  110KB
- MD5
  
  90bdadbbd4ded70fff1855cacf413008
- SHA1
  
  2500c0d969f39385cb617fe8f5b1e36895556b54
- SHA256
  
  fffb3e8ed151fcb149a90df25a9f5634845eb8faaa18ea214a47b5092eb2ea40
- SHA512
  
  71cc303f927033eefed9de7365c6eb7f58246dc0cfbb526ff5e63114d42e0d037b7e9b42097cece54bf07aff80bd490fdd0df0ed873ad155dc04711afc1c6cd4
- SSDEEP
  
  3072:9lX2jKRi0ZDvCTpTv7DSubUmGVrQAXiUXouX:6j6ZUpTv7DImGVrQAXiUXouX
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1