gafgyt | 34179df03a08582a1fd1e6e14a64dc2986a701796e7507a6782ed695ad8f55e4 | Triage

Sharing

General

Target

4530f2ac88e07eb93f8fa1572a3befea.bin
Size

67KB
Sample

241205-blhw8swpdp
MD5

34a8f4d74901694684b5468f06dde4f7
SHA1

6cf53f7bf590b6ad60934624c565f1ec33b4f5d3
SHA256

34179df03a08582a1fd1e6e14a64dc2986a701796e7507a6782ed695ad8f55e4
SHA512

85eb570dbc7a2b9588abf8688b5b96d4af5c0a2c69413aa5f8260defaf6e2320c3404ab8bbdf62d5965e636dd250428a52effc5500a8b1de0b1040d255c8b356
SSDEEP

1536:NoFvde78EX1TG/Ff9IdpWLw33RU6u+ccgQrE5PWhSF:NWa3TG/FfGdpWgRUdcgbWhQ

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

195.201.59.165:1865

Targets

- Target
  
  0075dd99585895c4db740629d1e53d76eee158adeefc4c69089493e26ac6988b.elf
- Size
  
  156KB
- MD5
  
  4530f2ac88e07eb93f8fa1572a3befea
- SHA1
  
  1798256e9cf10f77f05c5319f833f73adb594551
- SHA256
  
  0075dd99585895c4db740629d1e53d76eee158adeefc4c69089493e26ac6988b
- SHA512
  
  23206ebce4cf485408ae928122f78b3db77b117918ef026522a93a1f235c125c71ba500069fd7552e8b80c7791068278069b1ca59f2ba7c23fd0385cd5a271f9
- SSDEEP
  
  3072:T1g2/eINNlzx2kkQCMOaQcvB4YnyLRM/9pSQomFwfBxKQodn:hg2hNNlzIkk/MOa/6YnydM/9LomFwfBC
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1