gafgyt | 71c93a7aee9e684174275c0e4a17015357b6bdb64a945c65010822f944211b57 | Triage

Sharing

General

Target

71c93a7aee9e684174275c0e4a17015357b6bdb64a945c65010822f944211b57.elf
Size

167KB
Sample

241211-c9fbpaxjgm
MD5

5fd12602f32ced194f9300b0df2aa1d9
SHA1

a948c368ac016f201c17b863246496bd4d99c84e
SHA256

71c93a7aee9e684174275c0e4a17015357b6bdb64a945c65010822f944211b57
SHA512

4d0456d3bf5f92a3ee4ae389cfb4d204672f3847822fb54077a1c697bdb6c5d5b4c26f1a8411e7d6ad5f75c9a21f99e7f9a5ca7ebae3e8dc82202822b2306cff
SSDEEP

3072:Fw1aOPNmJEgpYD98SD6qK4m3AHxVbNGHdm+wN8dQSl2:y1aOPNmJFpLI674m3AHxVJGHdm+wN8OR

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.147.110.254:65489

Targets

- Target
  
  71c93a7aee9e684174275c0e4a17015357b6bdb64a945c65010822f944211b57.elf
- Size
  
  167KB
- MD5
  
  5fd12602f32ced194f9300b0df2aa1d9
- SHA1
  
  a948c368ac016f201c17b863246496bd4d99c84e
- SHA256
  
  71c93a7aee9e684174275c0e4a17015357b6bdb64a945c65010822f944211b57
- SHA512
  
  4d0456d3bf5f92a3ee4ae389cfb4d204672f3847822fb54077a1c697bdb6c5d5b4c26f1a8411e7d6ad5f75c9a21f99e7f9a5ca7ebae3e8dc82202822b2306cff
- SSDEEP
  
  3072:Fw1aOPNmJEgpYD98SD6qK4m3AHxVbNGHdm+wN8dQSl2:y1aOPNmJFpLI674m3AHxVJGHdm+wN8OR
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1