gafgyt | 95d8595a904ad53a69d15d98c2b210051bb7d0778078049134982ea0bc8b5412 | Triage

Sharing

General

Target

95d8595a904ad53a69d15d98c2b210051bb7d0778078049134982ea0bc8b5412.elf
Size

106KB
Sample

241202-dct91swkew
MD5

ecab3847aa448642eff6447b5ff7cd57
SHA1

164813fa467633bae17c794bed4a6a0aee03b2b3
SHA256

95d8595a904ad53a69d15d98c2b210051bb7d0778078049134982ea0bc8b5412
SHA512

4283cc89c691f1d07f3c6ad197c6f9633a01e40ec450184ac29479717fe057ae534fff71e3c3f146381d4f3f71d6d3504e943cd896cf9d4deadd1879774e0c71
SSDEEP

1536:27j+1Tohq+XZ6NDmGf/Yo7exVXMeMNeUdPIUmkiIF8iCKrmne:hK4f/YrceMrPIUmkiIF8iPrmne

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

85.209.17.110:888

Targets

- Target
  
  95d8595a904ad53a69d15d98c2b210051bb7d0778078049134982ea0bc8b5412.elf
- Size
  
  106KB
- MD5
  
  ecab3847aa448642eff6447b5ff7cd57
- SHA1
  
  164813fa467633bae17c794bed4a6a0aee03b2b3
- SHA256
  
  95d8595a904ad53a69d15d98c2b210051bb7d0778078049134982ea0bc8b5412
- SHA512
  
  4283cc89c691f1d07f3c6ad197c6f9633a01e40ec450184ac29479717fe057ae534fff71e3c3f146381d4f3f71d6d3504e943cd896cf9d4deadd1879774e0c71
- SSDEEP
  
  1536:27j+1Tohq+XZ6NDmGf/Yo7exVXMeMNeUdPIUmkiIF8iCKrmne:hK4f/YrceMrPIUmkiIF8iPrmne
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1