gafgyt | d2bdaa1f67a7571b62302fdba30121b014534aebdd1d3a5d46420ab274da12aa | Triage

Sharing

General

Target

0c260e4c6abf22910bb0cef9b99f8ab1.bin
Size

66KB
Sample

241209-bc1exsxjcy
MD5

02b3c9efbf53cdcdabeeb69027476cfe
SHA1

b3e1933f4783c9f9ad0d39e0341e37739894b9c3
SHA256

d2bdaa1f67a7571b62302fdba30121b014534aebdd1d3a5d46420ab274da12aa
SHA512

e43599187d94ab247f1b6bf735d47e0f816f09f157a07e6f0b844c38c9b19f715e98b83242f8ab2a60e33b3efc66517db279077e667a270208e6df7887f89219
SSDEEP

1536:rBHGExMF6scZmlyynEF2mfgrmIf07MvmEwLs/uuSe:x/Zmjyfgrlf3vmEluY

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.120.112.101:405

Targets

- Target
  
  3a3f9b1d7021b0e8d497449ef2d97f81e6196a1350ba85f891e45a83961e89d9.elf
- Size
  
  169KB
- MD5
  
  0c260e4c6abf22910bb0cef9b99f8ab1
- SHA1
  
  57e624f9758fcf598b42d54803a2f0277431af27
- SHA256
  
  3a3f9b1d7021b0e8d497449ef2d97f81e6196a1350ba85f891e45a83961e89d9
- SHA512
  
  60436ba21fb5de6fe994d11238a80c723b5a04884121b5e68e43b182caefc3d5f7f7c12f0ea2597270b3851eb747de3a19c25566e3150460404f5bf820bf3ee8
- SSDEEP
  
  3072:czS45xoVVqweWRiiiau2t/fGmrnyVHHEetJ8add9QzhsdymnxL4+3myUQ0LKXDmZ:lila7tGAyVEetJ8addQIym5myUQ0L8Dq
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1