gafgyt | 4aa707dd0c34e4cc45f1d9b3ae8e65cf79a75afdd2ad187530c57718521e4d48 | Triage

Sharing

General

Target

4aa707dd0c34e4cc45f1d9b3ae8e65cf79a75afdd2ad187530c57718521e4d48.elf
Size

141KB
Sample

241123-cvg7qs1rap
MD5

82312e0fd76477eedf7712408aac2d5c
SHA1

42170c28b4468340e77fa1cd50db2827fce379a7
SHA256

4aa707dd0c34e4cc45f1d9b3ae8e65cf79a75afdd2ad187530c57718521e4d48
SHA512

940664cdecad94e8085a5e48ae89441067e586b53403a56e451105644e251d2a44ec1f051ae03a7e9202ebd27a677a8489052a722b54a23d53ede860f2ded0cb
SSDEEP

3072:lBDH4L9VHGn7vs95h9DLHpVFm0/5ApYADn:lhHaWvs95h9Hp7m0/5ASADn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.212.148.212:4258

Targets

- Target
  
  4aa707dd0c34e4cc45f1d9b3ae8e65cf79a75afdd2ad187530c57718521e4d48.elf
- Size
  
  141KB
- MD5
  
  82312e0fd76477eedf7712408aac2d5c
- SHA1
  
  42170c28b4468340e77fa1cd50db2827fce379a7
- SHA256
  
  4aa707dd0c34e4cc45f1d9b3ae8e65cf79a75afdd2ad187530c57718521e4d48
- SHA512
  
  940664cdecad94e8085a5e48ae89441067e586b53403a56e451105644e251d2a44ec1f051ae03a7e9202ebd27a677a8489052a722b54a23d53ede860f2ded0cb
- SSDEEP
  
  3072:lBDH4L9VHGn7vs95h9DLHpVFm0/5ApYADn:lhHaWvs95h9Hp7m0/5ASADn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1