gafgyt | 72e65be7c5cb868539686caa8562986be5a40ef5d46c47d663186c206574daf6 | Triage

Sharing

General

Target

34f99dcc347a47ae205e18a34241b0fc.bin
Size

41KB
Sample

241130-bg5kfavpay
MD5

d59dc3df31b3436de24b6d5a50a570c9
SHA1

6b1e25e3608bc6fcc037334e3a9cd16766f12f9a
SHA256

72e65be7c5cb868539686caa8562986be5a40ef5d46c47d663186c206574daf6
SHA512

b10be760dc2eec2e595724e1d29376048531ef4d4000c5fa902d306a522bc92d9dd7f517d1c07971c541a10f48c23b4171e4717184ae974700bdc576554cffc3
SSDEEP

768:7u//oPQOscmxDQRboUdFO/Wct+K0XsnKkzuppx:IaQJs9oUd4+6upx

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

178.215.238.4:606

Targets

- Target
  
  f0a318ebc1caaf080d899d5d12bce05ce7200f334c1d7cca6443328f70e98579.elf
- Size
  
  98KB
- MD5
  
  34f99dcc347a47ae205e18a34241b0fc
- SHA1
  
  319bf4121ec3a2daf536eebd6d78b2beb4c58e0f
- SHA256
  
  f0a318ebc1caaf080d899d5d12bce05ce7200f334c1d7cca6443328f70e98579
- SHA512
  
  e0bf14d4c6f9bc948d96c26ab7aa7e1d7ca306f2e346b098c953ad2f9fc21917b83023a18361d558ee407c077dd024d03a9b4dff2bca66e403bc1df461a2b7ba
- SSDEEP
  
  3072:VSx+i6mqaObhNlnPTO/X6HmZuqQ4DPwXXtse:y6mRObnlnPm6HmZuqQ4DPwXXtse
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1