gafgyt | 3dfcc4b3300c3ff5f66e95b3df00789c8f6ca2fcc9f19539e4fe5b6f74f14922 | Triage

Sharing

General

Target

3dfcc4b3300c3ff5f66e95b3df00789c8f6ca2fcc9f19539e4fe5b6f74f14922.elf
Size

150KB
Sample

241128-c2s8ks1pez
MD5

8a2e27422c3765f27ff74e58c6a75a51
SHA1

38ccdb2c6cb7447ae7be3ba91bca53c26ea98689
SHA256

3dfcc4b3300c3ff5f66e95b3df00789c8f6ca2fcc9f19539e4fe5b6f74f14922
SHA512

dd9bf53b96459395b582f6f248bbb2161ad4a18bede4ce3cb93c071e906cb41843c761a2adca51bc82756476952a091866f188ccd54dd5bd0fbbc23548a8c1ab
SSDEEP

3072:Tdbmn8aAEHqgSkano1DTAt5hWTGU2WV7lxXmpwTsL/QMyn:he8aAEHKkdDT45hWTGU2WV7ldmpwTsLS

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

166.88.225.38:4258

Targets

- Target
  
  3dfcc4b3300c3ff5f66e95b3df00789c8f6ca2fcc9f19539e4fe5b6f74f14922.elf
- Size
  
  150KB
- MD5
  
  8a2e27422c3765f27ff74e58c6a75a51
- SHA1
  
  38ccdb2c6cb7447ae7be3ba91bca53c26ea98689
- SHA256
  
  3dfcc4b3300c3ff5f66e95b3df00789c8f6ca2fcc9f19539e4fe5b6f74f14922
- SHA512
  
  dd9bf53b96459395b582f6f248bbb2161ad4a18bede4ce3cb93c071e906cb41843c761a2adca51bc82756476952a091866f188ccd54dd5bd0fbbc23548a8c1ab
- SSDEEP
  
  3072:Tdbmn8aAEHqgSkano1DTAt5hWTGU2WV7lxXmpwTsL/QMyn:he8aAEHKkdDT45hWTGU2WV7ldmpwTsLS
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1