gafgyt | a67729bd076a71ee5bb057f62dac87fa27b2897d48cbb1e5d4a301b480257dc5 | Triage

Sharing

General

Target

d111e3a8f38d3693ff456e90374cacfb.bin
Size

42KB
Sample

241205-b913qaslbs
MD5

0038cd0ee7046bcb4976375427ba372d
SHA1

b27d3264b107e844935681590d6d9808dd3456e0
SHA256

a67729bd076a71ee5bb057f62dac87fa27b2897d48cbb1e5d4a301b480257dc5
SHA512

86fe2d069cb49be7efd89ca87a482fe4918a2d6f1f1c7e142d2fb4f1f5c302944c1e3cec48b15111993e1412e61e6eafefa1a9fff2875386cfbb5f183a2d6b02
SSDEEP

768:f6JQ/MwHaLsEd87P7PFRMX/YOszBte9KBi9igixrhyTXlmEgRR9i23E34i6lSLf:imHHaLDwhRG/Bs6+giyDlm5n9Da16lST

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

195.201.59.165:1865

Targets

- Target
  
  0f60859f887446023b8f5d3b19b13ac50392dbb36392592845731a0a644a860e.elf
- Size
  
  123KB
- MD5
  
  d111e3a8f38d3693ff456e90374cacfb
- SHA1
  
  5ab917a6142162ad9958811a134a0a6e93d2ceef
- SHA256
  
  0f60859f887446023b8f5d3b19b13ac50392dbb36392592845731a0a644a860e
- SHA512
  
  c2340d517452c6231a6b29c9e51a404ba162f257d4be87f689a1221afc18c289620a422aa9c5847f3d0bcc76779dfa02bab9f51f83a99e266ae708884d740378
- SSDEEP
  
  1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Ep++DGGJrmW+IFB1Df11hR/:/UyLqAmgMJM8Eg+DGsrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1