gafgyt | 79164326a7940f25869476593db103dfd144e7155d7f005e3f51d4f5472df840 | Triage

Sharing

General

Target

79164326a7940f25869476593db103dfd144e7155d7f005e3f51d4f5472df840.elf
Size

209KB
Sample

241207-dc7kcaskbz
MD5

97d9d4346609a36db70c4732d53f530a
SHA1

a9beb573471c7a6d83dc70fa331233446f49556c
SHA256

79164326a7940f25869476593db103dfd144e7155d7f005e3f51d4f5472df840
SHA512

160deab9e2ebf460fbf264b71737a5dc509c03a61e1b75324582b6644eb3f9dec2b83ff9add8ae5ccec83910c04f1a1b4b93d22ba6c1d46d54f6d82623a1c73c
SSDEEP

3072:3XC9j6w2ZQgoYJlQelShPb+iSWhvJ6CeWRd9soUQcI7V5h2Bk1cmrpy6n9Nn:3SnfTcI7V5h21mrpy6n9Nn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.91.127.27:87

Targets

- Target
  
  79164326a7940f25869476593db103dfd144e7155d7f005e3f51d4f5472df840.elf
- Size
  
  209KB
- MD5
  
  97d9d4346609a36db70c4732d53f530a
- SHA1
  
  a9beb573471c7a6d83dc70fa331233446f49556c
- SHA256
  
  79164326a7940f25869476593db103dfd144e7155d7f005e3f51d4f5472df840
- SHA512
  
  160deab9e2ebf460fbf264b71737a5dc509c03a61e1b75324582b6644eb3f9dec2b83ff9add8ae5ccec83910c04f1a1b4b93d22ba6c1d46d54f6d82623a1c73c
- SSDEEP
  
  3072:3XC9j6w2ZQgoYJlQelShPb+iSWhvJ6CeWRd9soUQcI7V5h2Bk1cmrpy6n9Nn:3SnfTcI7V5h21mrpy6n9Nn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1