gafgyt | 84ca68ae9cbc94d95fbff735c021ef402af234129cfc013fc18bd78e2427ae6f | Triage

Sharing

General

Target

84ca68ae9cbc94d95fbff735c021ef402af234129cfc013fc18bd78e2427ae6f.elf
Size

119KB
Sample

241211-dd6pfasqey
MD5

db63cd7318e423908e8b55c7e4d4cb86
SHA1

e6575d4f83dcd59c717002e8abe3fe1a3e4107e2
SHA256

84ca68ae9cbc94d95fbff735c021ef402af234129cfc013fc18bd78e2427ae6f
SHA512

9830c7200bc05cf29e59f43998ac12975595b56d8b5a1e760976cbf6ef0237f189a5af89ce1dca05400cd5e1bb90229b9027a3b27e45097e509d344e36a05cdc
SSDEEP

3072:xfOacTDvzz7PAdRSdXNJqdTgmwbfKHmYn:8UUIdTgmwbfwmYn

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

89.147.110.254:65489

Targets

- Target
  
  84ca68ae9cbc94d95fbff735c021ef402af234129cfc013fc18bd78e2427ae6f.elf
- Size
  
  119KB
- MD5
  
  db63cd7318e423908e8b55c7e4d4cb86
- SHA1
  
  e6575d4f83dcd59c717002e8abe3fe1a3e4107e2
- SHA256
  
  84ca68ae9cbc94d95fbff735c021ef402af234129cfc013fc18bd78e2427ae6f
- SHA512
  
  9830c7200bc05cf29e59f43998ac12975595b56d8b5a1e760976cbf6ef0237f189a5af89ce1dca05400cd5e1bb90229b9027a3b27e45097e509d344e36a05cdc
- SSDEEP
  
  3072:xfOacTDvzz7PAdRSdXNJqdTgmwbfKHmYn:8UUIdTgmwbfwmYn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1