gafgyt | 02c4ac3e15e6e9e6f6da669654fb169e93b752af36d96fc582993700487d5c84 | Triage

Sharing

General

Target

02c4ac3e15e6e9e6f6da669654fb169e93b752af36d96fc582993700487d5c84.elf
Size

83KB
Sample

241204-cf3vwswkdy
MD5

a0e5a422d98545cdfe83529a1115e36f
SHA1

66c9aa8632ea92dca436f39baafa1d2f37606a56
SHA256

02c4ac3e15e6e9e6f6da669654fb169e93b752af36d96fc582993700487d5c84
SHA512

093bb87da90b03aecc5b56bf73f62c46edcf0b9a2bd47233070013e74b8a9115970a1fe8db46de5fb4643f14cef5cfd93e05554c1bcc1db4bc1fe57230632362
SSDEEP

1536:W35b9Vc4N3J6lreu5r4hWj8LJwcEvDmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0YdwvDmEwVOz+ucfW7k

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

195.201.59.165:1865

Targets

- Target
  
  02c4ac3e15e6e9e6f6da669654fb169e93b752af36d96fc582993700487d5c84.elf
- Size
  
  83KB
- MD5
  
  a0e5a422d98545cdfe83529a1115e36f
- SHA1
  
  66c9aa8632ea92dca436f39baafa1d2f37606a56
- SHA256
  
  02c4ac3e15e6e9e6f6da669654fb169e93b752af36d96fc582993700487d5c84
- SHA512
  
  093bb87da90b03aecc5b56bf73f62c46edcf0b9a2bd47233070013e74b8a9115970a1fe8db46de5fb4643f14cef5cfd93e05554c1bcc1db4bc1fe57230632362
- SSDEEP
  
  1536:W35b9Vc4N3J6lreu5r4hWj8LJwcEvDmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0YdwvDmEwVOz+ucfW7k
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1