gafgyt | e8d6b763796b225306b598f06b0d6f0aa922a67126836207a0d390405c268adf | Triage

Sharing

General

Target

e8d6b763796b225306b598f06b0d6f0aa922a67126836207a0d390405c268adf.elf
Size

148KB
Sample

241208-dbtl4aymav
MD5

250aea83ba25bcd8697cf90c03745937
SHA1

9159bbd77f4a2e78957b633860563063d865f287
SHA256

e8d6b763796b225306b598f06b0d6f0aa922a67126836207a0d390405c268adf
SHA512

cc473d631a8c16030e0c7a7dbba6e4a6f88b8df265d06a7439df5d8622c34bf80bab63fa3b4d2093808c7a474532de0346e107793b0b1106deb60f05bb13026e
SSDEEP

3072:8EBvlkr8KuZHfu6ZSEWiOHYIj33wZ6yjl/KLvj4pr3t8g1ZRR5Qo8s9VmfiHU0Ws:8yhpVmfiHUdmYSBhX48

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

154.213.187.14:1999

Targets

- Target
  
  e8d6b763796b225306b598f06b0d6f0aa922a67126836207a0d390405c268adf.elf
- Size
  
  148KB
- MD5
  
  250aea83ba25bcd8697cf90c03745937
- SHA1
  
  9159bbd77f4a2e78957b633860563063d865f287
- SHA256
  
  e8d6b763796b225306b598f06b0d6f0aa922a67126836207a0d390405c268adf
- SHA512
  
  cc473d631a8c16030e0c7a7dbba6e4a6f88b8df265d06a7439df5d8622c34bf80bab63fa3b4d2093808c7a474532de0346e107793b0b1106deb60f05bb13026e
- SSDEEP
  
  3072:8EBvlkr8KuZHfu6ZSEWiOHYIj33wZ6yjl/KLvj4pr3t8g1ZRR5Qo8s9VmfiHU0Ws:8yhpVmfiHUdmYSBhX48
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1