gafgyt | 9ec7e76cf0d3408623f38046198ea057d741843d3fe3c706355e1a1635604e00 | Triage

Sharing

General

Target

9ec7e76cf0d3408623f38046198ea057d741843d3fe3c706355e1a1635604e00.elf
Size

158KB
Sample

241211-dkvkraxqal
MD5

4cb021ed5e9c420c536c898b9e9e902b
SHA1

e89de6b33cef48619d26cfc323de01cd1cb18907
SHA256

9ec7e76cf0d3408623f38046198ea057d741843d3fe3c706355e1a1635604e00
SHA512

f2324c561e2535de27318c329689f43f2d92bb7a10c055719d5354110a0df6423efc4efea5985bdf13e2fdd127b88ebea6f672c1b3cae542fd2a5ddf916d20e6
SSDEEP

3072:E6wbe7nWIYPnSUAMjRb63TsR9kHLbzLII1mXv+PYGR2:F2jtyHLbQomXv+wGR2

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.147.110.254:65489

Targets

- Target
  
  9ec7e76cf0d3408623f38046198ea057d741843d3fe3c706355e1a1635604e00.elf
- Size
  
  158KB
- MD5
  
  4cb021ed5e9c420c536c898b9e9e902b
- SHA1
  
  e89de6b33cef48619d26cfc323de01cd1cb18907
- SHA256
  
  9ec7e76cf0d3408623f38046198ea057d741843d3fe3c706355e1a1635604e00
- SHA512
  
  f2324c561e2535de27318c329689f43f2d92bb7a10c055719d5354110a0df6423efc4efea5985bdf13e2fdd127b88ebea6f672c1b3cae542fd2a5ddf916d20e6
- SSDEEP
  
  3072:E6wbe7nWIYPnSUAMjRb63TsR9kHLbzLII1mXv+PYGR2:F2jtyHLbQomXv+wGR2
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1