gafgyt | 4e63f30267c05f659b9f1bf4ce62b4fff371af1a57e8b7154fbd8340d37cb420 | Triage

Sharing

General

Target

4e63f30267c05f659b9f1bf4ce62b4fff371af1a57e8b7154fbd8340d37cb420.elf
Size

194KB
Sample

241118-yc91patlc1
MD5

631c3af95160cc7e976e07da141d24c8
SHA1

95bfa1ffbee97b72d9fe0bb587b9c0efa30c3b71
SHA256

4e63f30267c05f659b9f1bf4ce62b4fff371af1a57e8b7154fbd8340d37cb420
SHA512

b8697c81f49979418fd7c5939028c28167b7697f3cc72766184feacad02dc46ce3a7b988944aabb12e48a4397293265b928531c86fa04a82a7f6b28e5a22c4e8
SSDEEP

6144:aor4gNe4uaLC3deLSAzN5hQb7yzM/9N03gmCwMvfVT4n:aor7ZuaLC3de1x5hQCQ/tmC5vfVT4n

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.123.1.32:4444

Targets

- Target
  
  4e63f30267c05f659b9f1bf4ce62b4fff371af1a57e8b7154fbd8340d37cb420.elf
- Size
  
  194KB
- MD5
  
  631c3af95160cc7e976e07da141d24c8
- SHA1
  
  95bfa1ffbee97b72d9fe0bb587b9c0efa30c3b71
- SHA256
  
  4e63f30267c05f659b9f1bf4ce62b4fff371af1a57e8b7154fbd8340d37cb420
- SHA512
  
  b8697c81f49979418fd7c5939028c28167b7697f3cc72766184feacad02dc46ce3a7b988944aabb12e48a4397293265b928531c86fa04a82a7f6b28e5a22c4e8
- SSDEEP
  
  6144:aor4gNe4uaLC3deLSAzN5hQb7yzM/9N03gmCwMvfVT4n:aor7ZuaLC3de1x5hQCQ/tmC5vfVT4n
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1