gafgyt | 56f84969dca02a9f9af6ca6140d802749f2098f3aa0c86b5da817bc5fe714b37 | Triage

Sharing

General

Target

6964fe6708c8204ec460be246b521398.bin
Size

62KB
Sample

241209-btppraxlbz
MD5

76fe56bad6866f0132747d9ebcbc8fec
SHA1

94f473afa923397ff6ce4df39cbcb2fcc3737f49
SHA256

56f84969dca02a9f9af6ca6140d802749f2098f3aa0c86b5da817bc5fe714b37
SHA512

88d136b6366bdb8ead366cbc48182c9c8c2a86b493301fe5f1c91f650defba2f50f2838eedd23a5bfbc71a4d5a280f1a7b3819936f3c8db20c36595f1a10b9e7
SSDEEP

1536:gVfGIdmCkzKFxqtlyaqz3pPWS0EWZPA/hPhs44fTkCJQ+jyWj:gVaLxtnqzJWSwPIPhXMkmQ+v

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

87.120.112.101:405

Targets

- Target
  
  f77e02f01a3daea6d37cbbf9456ad68ffa51cc20d1c455cad9346e1a0a99c39b.elf
- Size
  
  162KB
- MD5
  
  6964fe6708c8204ec460be246b521398
- SHA1
  
  9f8a499bb774efc2744889b918f51a391761d2b7
- SHA256
  
  f77e02f01a3daea6d37cbbf9456ad68ffa51cc20d1c455cad9346e1a0a99c39b
- SHA512
  
  9e2b3ce7fed5f2a7026add2df4c54bbb285ce4b35da194b33d4c09ba47ba0fcc5db01671716e8732e5b598272da233639283dce1e90857a2f8930368119f0a4d
- SSDEEP
  
  3072:j3+u1eSNtOYvfxmP6hfhEutJ8adPF4KQTjsR3TFnUUQIHc2mnhvwHqSA:VvgMmPputJ8adPF4fGTQP2mnhvGqSA
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1