gafgyt | f7c645540b7919ca9d3c869085d0a1abaa002341619bc1b8003c657e88b96bb4 | Triage

Sharing

General

Target

d37377ac1765ee15a893b12a136cc4a8.bin
Size

38KB
Sample

241124-b62vvaxpdw
MD5

455812f23fab2806a0b8d25fbda51f8d
SHA1

fc2c44fb59e1509155320f0d955ff765b72923fd
SHA256

f7c645540b7919ca9d3c869085d0a1abaa002341619bc1b8003c657e88b96bb4
SHA512

f1cb1f358e2214d985cff089ba7597664b18b946aa62b639482165c1d247e59234669472bc12725eec267573bdc25ac4ddbe9eadbd1ca534dd99dfc4f806f178
SSDEEP

768:8IJYuBAfu1MdE7tqSOTlsAPsHzXWFjo2jUpt1ZFGLD0:8sYuBAf27tjOhs1Gho26tTFGLI

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

188.245.84.178:1865

Targets

- Target
  
  950aa8ade3e30e743acf4bca984b407359ae5bd46b192ea1d9cec5ff3eecde1b.elf
- Size
  
  83KB
- MD5
  
  d37377ac1765ee15a893b12a136cc4a8
- SHA1
  
  16a3ac56825540e4a39277911a71d8ce1117faca
- SHA256
  
  950aa8ade3e30e743acf4bca984b407359ae5bd46b192ea1d9cec5ff3eecde1b
- SHA512
  
  4da4d7a378ef7f9d4dea6faf4bd0a1e780a348fab149c260852db71501e898540afdcbecf558b611358260b9871d6192b7699c06ab33d170c5ca1c97d0d8db27
- SSDEEP
  
  1536:W35b9Vc4N3J6lreu5r4hWj8LnwcEvDmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0YLwvDmEwVOz+ucfW7k
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1