gafgyt | a93a7b49c5f43630433b45f68d779f05917502461fbf6d4666e036991b0b9142 | Triage

Sharing

General

Target

i--6.-.86.elf
Size

107KB
Sample

241210-pjwxzavpgx
MD5

c47fee0c2f5f4c80645db85b8988b503
SHA1

ddc02a945909c3b8ab3f3128c464759807c11019
SHA256

a93a7b49c5f43630433b45f68d779f05917502461fbf6d4666e036991b0b9142
SHA512

ddd29270086df2f6cf5cca65beffddb5b262887ce342017be090b2d3b027cc07c30079c99d603db89e0a0212f09776b77c54f3372480e85dd2eef14948c35f97
SSDEEP

1536:yp3b7kAYhytxsEdxL87gWuFXwaDQ5/2cjOAm5Ro1LM7YzuA:urIA3tSYxLCFeXwacbjOAm3o1o7YzuA

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

89.147.110.254:65489

Targets

- Target
  
  i--6.-.86.elf
- Size
  
  107KB
- MD5
  
  c47fee0c2f5f4c80645db85b8988b503
- SHA1
  
  ddc02a945909c3b8ab3f3128c464759807c11019
- SHA256
  
  a93a7b49c5f43630433b45f68d779f05917502461fbf6d4666e036991b0b9142
- SHA512
  
  ddd29270086df2f6cf5cca65beffddb5b262887ce342017be090b2d3b027cc07c30079c99d603db89e0a0212f09776b77c54f3372480e85dd2eef14948c35f97
- SSDEEP
  
  1536:yp3b7kAYhytxsEdxL87gWuFXwaDQ5/2cjOAm5Ro1LM7YzuA:urIA3tSYxLCFeXwacbjOAm3o1o7YzuA
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1