gafgyt | 8488c0e447428e855fa8376ea2b5e17852f6c399a2c92eabcc97823369d27e75 | Triage

Sharing

General

Target

8488c0e447428e855fa8376ea2b5e17852f6c399a2c92eabcc97823369d27e75.elf
Size

201KB
Sample

241208-c2gvjsxph1
MD5

941227e2b497f67925f5796f90257408
SHA1

6fd377cd9c9e29f14030c7c31918d203001f2a52
SHA256

8488c0e447428e855fa8376ea2b5e17852f6c399a2c92eabcc97823369d27e75
SHA512

8fd90750da8b197a0ce6b85b0811add8289d0f86dfd9e602bc49fad5c428c5c4a8a7130908c74b2e1b4bbd4813ce864a892bde270dc8ca11d2eb303c43dcae56
SSDEEP

3072:3+k8r/1/SvFbweetJ8add9QzhsQZSL2XjWmQR22bvxZ:3+Rr/1/EPetJ8addQlXWmQR2mvxZ

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.120.112.101:405

Targets

- Target
  
  8488c0e447428e855fa8376ea2b5e17852f6c399a2c92eabcc97823369d27e75.elf
- Size
  
  201KB
- MD5
  
  941227e2b497f67925f5796f90257408
- SHA1
  
  6fd377cd9c9e29f14030c7c31918d203001f2a52
- SHA256
  
  8488c0e447428e855fa8376ea2b5e17852f6c399a2c92eabcc97823369d27e75
- SHA512
  
  8fd90750da8b197a0ce6b85b0811add8289d0f86dfd9e602bc49fad5c428c5c4a8a7130908c74b2e1b4bbd4813ce864a892bde270dc8ca11d2eb303c43dcae56
- SSDEEP
  
  3072:3+k8r/1/SvFbweetJ8add9QzhsQZSL2XjWmQR22bvxZ:3+Rr/1/EPetJ8addQlXWmQR2mvxZ
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1