gafgyt | 7875940780206ab6722de7bc306a6d0087dbd30d12f539747ebbf9e93c92b482 | Triage

Sharing

General

Target

a0e5a422d98545cdfe83529a1115e36f.bin
Size

38KB
Sample

241205-b2zvpa1qgt
MD5

a5df3382bb8fc7ea5d395e579bb96576
SHA1

86f9e2f29b4632ff23624e7a88835f062a3a7429
SHA256

7875940780206ab6722de7bc306a6d0087dbd30d12f539747ebbf9e93c92b482
SHA512

5d9cc1821cead630f946d19e2bdf9395a899382edbee9f380638f52b4e357a1016fa85a6ccc6b5a24e8d1fe0082232d4cc5fba740a7158ac7dc0f127969e75db
SSDEEP

768:HkWVcoVkNoDANcIF5yPYv/ek4UygAtMHcRt1JvBEhl+pCLHvyb:HkWVTVOoDANtFQG/etj1lJvG+pE+

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

195.201.59.165:1865

Targets

- Target
  
  02c4ac3e15e6e9e6f6da669654fb169e93b752af36d96fc582993700487d5c84.elf
- Size
  
  83KB
- MD5
  
  a0e5a422d98545cdfe83529a1115e36f
- SHA1
  
  66c9aa8632ea92dca436f39baafa1d2f37606a56
- SHA256
  
  02c4ac3e15e6e9e6f6da669654fb169e93b752af36d96fc582993700487d5c84
- SHA512
  
  093bb87da90b03aecc5b56bf73f62c46edcf0b9a2bd47233070013e74b8a9115970a1fe8db46de5fb4643f14cef5cfd93e05554c1bcc1db4bc1fe57230632362
- SSDEEP
  
  1536:W35b9Vc4N3J6lreu5r4hWj8LJwcEvDmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0YdwvDmEwVOz+ucfW7k
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1