gafgyt | 950aa8ade3e30e743acf4bca984b407359ae5bd46b192ea1d9cec5ff3eecde1b | Triage

Sharing

General

Target

x-3.2-.Logicnet.elf
Size

83KB
Sample

241122-wzweps1phk
MD5

d37377ac1765ee15a893b12a136cc4a8
SHA1

16a3ac56825540e4a39277911a71d8ce1117faca
SHA256

950aa8ade3e30e743acf4bca984b407359ae5bd46b192ea1d9cec5ff3eecde1b
SHA512

4da4d7a378ef7f9d4dea6faf4bd0a1e780a348fab149c260852db71501e898540afdcbecf558b611358260b9871d6192b7699c06ab33d170c5ca1c97d0d8db27
SSDEEP

1536:W35b9Vc4N3J6lreu5r4hWj8LnwcEvDmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0YLwvDmEwVOz+ucfW7k

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

188.245.84.178:1865

Targets

- Target
  
  x-3.2-.Logicnet.elf
- Size
  
  83KB
- MD5
  
  d37377ac1765ee15a893b12a136cc4a8
- SHA1
  
  16a3ac56825540e4a39277911a71d8ce1117faca
- SHA256
  
  950aa8ade3e30e743acf4bca984b407359ae5bd46b192ea1d9cec5ff3eecde1b
- SHA512
  
  4da4d7a378ef7f9d4dea6faf4bd0a1e780a348fab149c260852db71501e898540afdcbecf558b611358260b9871d6192b7699c06ab33d170c5ca1c97d0d8db27
- SSDEEP
  
  1536:W35b9Vc4N3J6lreu5r4hWj8LnwcEvDmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0YLwvDmEwVOz+ucfW7k
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1