gafgyt | c4b34853546c73acd1553d66a1f56d882f0c1b882aa00cd28f842cca5ac20d48 | Triage

Sharing

General

Target

hidakibest.x86.elf
Size

106KB
Sample

241204-3h9z4awrgv
MD5

6940ec3a0fb39c5d58578fd8550b2793
SHA1

35b9df5bc88bc61564055cf24bfd9401497972ee
SHA256

c4b34853546c73acd1553d66a1f56d882f0c1b882aa00cd28f842cca5ac20d48
SHA512

89257949203be289d8b14d337f930e63abb3c5f02f32e0744bb766334926947e872d75679d85c809a99948193344f9be71074924241003c705dc17a887252955
SSDEEP

3072:j6dye4BmJQmphaZw/1vc4+AzkSXmdRWaLHgb4:dmphaZchrmdRWaDgb4

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

172.234.21.34:4258

Targets

- Target
  
  hidakibest.x86.elf
- Size
  
  106KB
- MD5
  
  6940ec3a0fb39c5d58578fd8550b2793
- SHA1
  
  35b9df5bc88bc61564055cf24bfd9401497972ee
- SHA256
  
  c4b34853546c73acd1553d66a1f56d882f0c1b882aa00cd28f842cca5ac20d48
- SHA512
  
  89257949203be289d8b14d337f930e63abb3c5f02f32e0744bb766334926947e872d75679d85c809a99948193344f9be71074924241003c705dc17a887252955
- SSDEEP
  
  3072:j6dye4BmJQmphaZw/1vc4+AzkSXmdRWaLHgb4:dmphaZchrmdRWaDgb4
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1