gafgyt | b649981e539640687ea7f1251fc87a3f864e4422e9d6abbbaee8a8d08ec2bc76 | Triage

Sharing

General

Target

m-i.p.-se.l.elf
Size

158KB
Sample

241210-pqktaazrcq
MD5

ce6cba3aa651d2953730f3ef35f2f111
SHA1

c5e4f1ba1d4147e9b0dadf5097b562c16aaa265e
SHA256

b649981e539640687ea7f1251fc87a3f864e4422e9d6abbbaee8a8d08ec2bc76
SHA512

565fa6b7c733773c05497986e62aff8b4c4bc404a175b493c3b6a0ceee19a9897372fb536ea627b0e1519972500403e65050d872fd1cbcb9a63065bfcabea7ef
SSDEEP

1536:MGRejgKuYUVu/sZC5pXQzTnldtgFioNtxxlxmnXv+PYGR2:ByPUE5VQHnuXNtxx3mXv+PYGR2

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.147.110.254:65489

Targets

- Target
  
  m-i.p.-se.l.elf
- Size
  
  158KB
- MD5
  
  ce6cba3aa651d2953730f3ef35f2f111
- SHA1
  
  c5e4f1ba1d4147e9b0dadf5097b562c16aaa265e
- SHA256
  
  b649981e539640687ea7f1251fc87a3f864e4422e9d6abbbaee8a8d08ec2bc76
- SHA512
  
  565fa6b7c733773c05497986e62aff8b4c4bc404a175b493c3b6a0ceee19a9897372fb536ea627b0e1519972500403e65050d872fd1cbcb9a63065bfcabea7ef
- SSDEEP
  
  1536:MGRejgKuYUVu/sZC5pXQzTnldtgFioNtxxlxmnXv+PYGR2:ByPUE5VQHnuXNtxx3mXv+PYGR2
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1