gafgyt | a242dab3e97fa7627bde39cce544522778209abe031bb5423ca7f63ac8ffbb16 | Triage

Sharing

General

Target

a242dab3e97fa7627bde39cce544522778209abe031bb5423ca7f63ac8ffbb16.elf
Size

150KB
Sample

241128-dq66qsypgm
MD5

b894fa8fbbe1beeb8367091aaa2e9245
SHA1

ee5bbdb7b7305063bcf7b702606a990dd023ca86
SHA256

a242dab3e97fa7627bde39cce544522778209abe031bb5423ca7f63ac8ffbb16
SHA512

3a13891d03015cb8860a1686dbbd3f25e5aea9f2336b9d4b793d8512902d514e7dc9328db607dc3326920405073d333cfe5ce23c1daa95adb51cac58e70eb910
SSDEEP

3072:Tdbmn8aAEHqgSkano1DTAt5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDT45hWTGZWYxVldmpwTsLS

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

166.88.225.38:4258

Targets

- Target
  
  a242dab3e97fa7627bde39cce544522778209abe031bb5423ca7f63ac8ffbb16.elf
- Size
  
  150KB
- MD5
  
  b894fa8fbbe1beeb8367091aaa2e9245
- SHA1
  
  ee5bbdb7b7305063bcf7b702606a990dd023ca86
- SHA256
  
  a242dab3e97fa7627bde39cce544522778209abe031bb5423ca7f63ac8ffbb16
- SHA512
  
  3a13891d03015cb8860a1686dbbd3f25e5aea9f2336b9d4b793d8512902d514e7dc9328db607dc3326920405073d333cfe5ce23c1daa95adb51cac58e70eb910
- SSDEEP
  
  3072:Tdbmn8aAEHqgSkano1DTAt5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDT45hWTGZWYxVldmpwTsLS
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1