gafgyt | 466ae5d16fcf284eb2d890059e14c8a76568b3e2ccf7ae5a54baec38d512d60b | Triage

Sharing

General

Target

466ae5d16fcf284eb2d890059e14c8a76568b3e2ccf7ae5a54baec38d512d60b.elf
Size

141KB
Sample

241212-cr7yzs1qbl
MD5

3a723ef1512dd5b8b5f3409cdf2482a9
SHA1

245e6be124b33b7e9e26ad84e4dfb32006ebfa93
SHA256

466ae5d16fcf284eb2d890059e14c8a76568b3e2ccf7ae5a54baec38d512d60b
SHA512

6abb156647b1ad799f19828787ef74c7fba7214620301f5b8e6cc71128e14245e8dafc289d58233af2f4db0d04ca3ce6d2c633d77412d41eae99b53e86735cfe
SSDEEP

3072:lBXpqf9VHGn7vsk5htpRvHpVFm0/5ApYADn:llp4Wvsk5htvp7m0/5ASADn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.177.25.107:4258

Targets

- Target
  
  466ae5d16fcf284eb2d890059e14c8a76568b3e2ccf7ae5a54baec38d512d60b.elf
- Size
  
  141KB
- MD5
  
  3a723ef1512dd5b8b5f3409cdf2482a9
- SHA1
  
  245e6be124b33b7e9e26ad84e4dfb32006ebfa93
- SHA256
  
  466ae5d16fcf284eb2d890059e14c8a76568b3e2ccf7ae5a54baec38d512d60b
- SHA512
  
  6abb156647b1ad799f19828787ef74c7fba7214620301f5b8e6cc71128e14245e8dafc289d58233af2f4db0d04ca3ce6d2c633d77412d41eae99b53e86735cfe
- SSDEEP
  
  3072:lBXpqf9VHGn7vsk5htpRvHpVFm0/5ApYADn:llp4Wvsk5htvp7m0/5ASADn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1