gafgyt | eb78f25a0c5f632026fb9cf827529bc6cb60d82bd6debec5b13b325db5148ee2 | Triage

Sharing

General

Target

weedapache2.elf
Size

169KB
Sample

241207-r21pzsvpgw
MD5

c0d5bd0ee2738640e7a4fb2e032ff016
SHA1

1c6ba5897cb3f9726a1435e6393034a0278042be
SHA256

eb78f25a0c5f632026fb9cf827529bc6cb60d82bd6debec5b13b325db5148ee2
SHA512

8678ef5aeb65e2d51ed0b71178fb5d01611c1f9f19f5b6abe860f022d6d894624bf62f44526e7fabb6712e63c955f102720ed808ff12b685bb81d40337d63618
SSDEEP

3072:czS45xoVVqweWRiiiau2t/fGmrnyVHHEetJ8add9Qzhsdym+xL4+gmyUQ0LKXDmZ:lila7tGAyVEetJ8addQIymVmyUQ0L8Dq

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.120.112.101:405

Targets

- Target
  
  weedapache2.elf
- Size
  
  169KB
- MD5
  
  c0d5bd0ee2738640e7a4fb2e032ff016
- SHA1
  
  1c6ba5897cb3f9726a1435e6393034a0278042be
- SHA256
  
  eb78f25a0c5f632026fb9cf827529bc6cb60d82bd6debec5b13b325db5148ee2
- SHA512
  
  8678ef5aeb65e2d51ed0b71178fb5d01611c1f9f19f5b6abe860f022d6d894624bf62f44526e7fabb6712e63c955f102720ed808ff12b685bb81d40337d63618
- SSDEEP
  
  3072:czS45xoVVqweWRiiiau2t/fGmrnyVHHEetJ8add9Qzhsdym+xL4+gmyUQ0LKXDmZ:lila7tGAyVEetJ8addQIymVmyUQ0L8Dq
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1