gafgyt | b4c287da7695f3526534493a7ed3a95ac5a98f0797cc2d399f9b1dacba334409 | Triage

Sharing

General

Target

b4c287da7695f3526534493a7ed3a95ac5a98f0797cc2d399f9b1dacba334409.elf
Size

148KB
Sample

241210-dyjqeaxkfq
MD5

a44fd1274515c694dbf70a908f902e99
SHA1

944956eae1f8686f9ccb3a80fca1675b166baf9a
SHA256

b4c287da7695f3526534493a7ed3a95ac5a98f0797cc2d399f9b1dacba334409
SHA512

cd8363443e8914d9da4f57ad3569b5233990d39ebb7083da2915cded7a1179c57f04216cedf9834742c2f863aaa00e14e98f1977056275d91e36440c6186bcc4
SSDEEP

3072:cM9T14fQuS9L76qt28qm6zos3DXEZGSjZHOHnHM5nblgMN9lBFZhsNZOfS3UvyWs:cS9yZOfS3UvHmYSBhX48

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

154.213.187.14:13387

Targets

- Target
  
  b4c287da7695f3526534493a7ed3a95ac5a98f0797cc2d399f9b1dacba334409.elf
- Size
  
  148KB
- MD5
  
  a44fd1274515c694dbf70a908f902e99
- SHA1
  
  944956eae1f8686f9ccb3a80fca1675b166baf9a
- SHA256
  
  b4c287da7695f3526534493a7ed3a95ac5a98f0797cc2d399f9b1dacba334409
- SHA512
  
  cd8363443e8914d9da4f57ad3569b5233990d39ebb7083da2915cded7a1179c57f04216cedf9834742c2f863aaa00e14e98f1977056275d91e36440c6186bcc4
- SSDEEP
  
  3072:cM9T14fQuS9L76qt28qm6zos3DXEZGSjZHOHnHM5nblgMN9lBFZhsNZOfS3UvyWs:cS9yZOfS3UvHmYSBhX48
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1