gafgyt | 6e365b90e0bd20833fa1282c59839635ae53dd8445b58651ba8c72d73659509c | Triage

Sharing

General

Target

6e365b90e0bd20833fa1282c59839635ae53dd8445b58651ba8c72d73659509c.elf
Size

130KB
Sample

241207-dazrqasjbv
MD5

0cd9cc7d699134bedcbf376fec8269b0
SHA1

3ad95a6bace4fa25201585d7d180ea120b0fa5f8
SHA256

6e365b90e0bd20833fa1282c59839635ae53dd8445b58651ba8c72d73659509c
SHA512

6e023761b41f19556a35c75667be8a3e69668b122f52d620e1484018d9b0cdc0273044da1875b8f9879d346bdc82f2b39a87ef1e2d9526bab6ca4e583bf0d5cd
SSDEEP

1536:Omuejqh4HybHWuOdd9BORHgUYZVw0vXynGKuB7mbN+G5QW5BPgm8o1B65HFqR:OmCYBf5TpmZPQW5VgmF1BUHFqR

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

154.216.18.82:9999

Targets

- Target
  
  6e365b90e0bd20833fa1282c59839635ae53dd8445b58651ba8c72d73659509c.elf
- Size
  
  130KB
- MD5
  
  0cd9cc7d699134bedcbf376fec8269b0
- SHA1
  
  3ad95a6bace4fa25201585d7d180ea120b0fa5f8
- SHA256
  
  6e365b90e0bd20833fa1282c59839635ae53dd8445b58651ba8c72d73659509c
- SHA512
  
  6e023761b41f19556a35c75667be8a3e69668b122f52d620e1484018d9b0cdc0273044da1875b8f9879d346bdc82f2b39a87ef1e2d9526bab6ca4e583bf0d5cd
- SSDEEP
  
  1536:Omuejqh4HybHWuOdd9BORHgUYZVw0vXynGKuB7mbN+G5QW5BPgm8o1B65HFqR:OmCYBf5TpmZPQW5VgmF1BUHFqR
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1