gafgyt | e03adb20dced14f894c81f977f244215ed95d821ee8d3462edd2c29e40589d27 | Triage

Sharing

General

Target

e03adb20dced14f894c81f977f244215ed95d821ee8d3462edd2c29e40589d27.elf
Size

92KB
Sample

241211-d8l9aayrhr
MD5

7981a3a60ab91469df013ca383906bd9
SHA1

dcbcd34f841284a0f7f52c5a0e17d44c059d5b96
SHA256

e03adb20dced14f894c81f977f244215ed95d821ee8d3462edd2c29e40589d27
SHA512

51956996c5d19a3c6c932dfb8a8c4dac0153d7601e80509dc31d1b843f37eaeb999ea72678140e2e7a2a64ade667ab7700c65eb0771400e80302e9ef25b0483c
SSDEEP

1536:W7uJtxNeVE8zV7aDlvhE1hmkJ0S36W6bWjK3eyPXfH0mA+KWOXFseaZYxe:4SsVEeVMlpmXJ0O6WpjKuifUm/KWOXFE

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.251:12345

Targets

- Target
  
  e03adb20dced14f894c81f977f244215ed95d821ee8d3462edd2c29e40589d27.elf
- Size
  
  92KB
- MD5
  
  7981a3a60ab91469df013ca383906bd9
- SHA1
  
  dcbcd34f841284a0f7f52c5a0e17d44c059d5b96
- SHA256
  
  e03adb20dced14f894c81f977f244215ed95d821ee8d3462edd2c29e40589d27
- SHA512
  
  51956996c5d19a3c6c932dfb8a8c4dac0153d7601e80509dc31d1b843f37eaeb999ea72678140e2e7a2a64ade667ab7700c65eb0771400e80302e9ef25b0483c
- SSDEEP
  
  1536:W7uJtxNeVE8zV7aDlvhE1hmkJ0S36W6bWjK3eyPXfH0mA+KWOXFseaZYxe:4SsVEeVMlpmXJ0O6WpjKuifUm/KWOXFE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1