gafgyt | e553f5333b2fb4bf0ae45f4f2cbc23d0be9b3d054852ace3bd5869d4ef812e1e | Triage

Sharing

General

Target

e553f5333b2fb4bf0ae45f4f2cbc23d0be9b3d054852ace3bd5869d4ef812e1e.elf
Size

148KB
Sample

241126-d3t2yaslbs
MD5

46bc16a930c4ab1eea60a9fd7e049726
SHA1

5ba886e16b333dfd1ca106685d7c848efaf47f6e
SHA256

e553f5333b2fb4bf0ae45f4f2cbc23d0be9b3d054852ace3bd5869d4ef812e1e
SHA512

9f3585f31ceb0de7a0553db607560da4b3c5589d1cb8acb946e6bdb5f31439fd095dae2c1202ef9f19125840621219c1be13998ee49fc69f400f2712a6a2c36c
SSDEEP

1536:fy1aejr49iGX7UuzeTyfZxOGW2VLvRcG7oNN7S6edzr+1jCY+S1N/mS5SB/5HX48:q17mY52VGS1m+Y9N/mYSBBHX48

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

154.213.187.14:6149

Targets

- Target
  
  e553f5333b2fb4bf0ae45f4f2cbc23d0be9b3d054852ace3bd5869d4ef812e1e.elf
- Size
  
  148KB
- MD5
  
  46bc16a930c4ab1eea60a9fd7e049726
- SHA1
  
  5ba886e16b333dfd1ca106685d7c848efaf47f6e
- SHA256
  
  e553f5333b2fb4bf0ae45f4f2cbc23d0be9b3d054852ace3bd5869d4ef812e1e
- SHA512
  
  9f3585f31ceb0de7a0553db607560da4b3c5589d1cb8acb946e6bdb5f31439fd095dae2c1202ef9f19125840621219c1be13998ee49fc69f400f2712a6a2c36c
- SSDEEP
  
  1536:fy1aejr49iGX7UuzeTyfZxOGW2VLvRcG7oNN7S6edzr+1jCY+S1N/mS5SB/5HX48:q17mY52VGS1m+Y9N/mYSBBHX48
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1