gafgyt | bb1abbcffdc127a609fbf46fbe495e518af1f4f5aca337968d994e93056ffb4a | Triage

Sharing

General

Target

pXdN91.x68.elf
Size

118KB
Sample

241125-h13zaavnez
MD5

cf6e8607ca66041c6503b7808a5ff1ac
SHA1

1ada8f7adf146b1a9b1f5b9165a407d97e61c9ba
SHA256

bb1abbcffdc127a609fbf46fbe495e518af1f4f5aca337968d994e93056ffb4a
SHA512

3f0871142542fafce22c0125da837dc275493a893908aed2ca12c274d1590b26fd7be6ea6d8eebd09935dadad2f9846373b3de23999f9d333841ec787c98c6e7
SSDEEP

3072:xMxB5Tc9xfHxFScXc2i+TMoc6bgmom0ea7HWvP:Cxs9x/g2jL5om0eaTWvP

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

154.213.187.14:6149

Targets

- Target
  
  pXdN91.x68.elf
- Size
  
  118KB
- MD5
  
  cf6e8607ca66041c6503b7808a5ff1ac
- SHA1
  
  1ada8f7adf146b1a9b1f5b9165a407d97e61c9ba
- SHA256
  
  bb1abbcffdc127a609fbf46fbe495e518af1f4f5aca337968d994e93056ffb4a
- SHA512
  
  3f0871142542fafce22c0125da837dc275493a893908aed2ca12c274d1590b26fd7be6ea6d8eebd09935dadad2f9846373b3de23999f9d333841ec787c98c6e7
- SSDEEP
  
  3072:xMxB5Tc9xfHxFScXc2i+TMoc6bgmom0ea7HWvP:Cxs9x/g2jL5om0eaTWvP
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1