gafgyt | ddd477456eb69031409fe12fa8e141be0137f30a4c4e4a4dd563d58a6a2bcd31 | Triage

Sharing

General

Target

ddd477456eb69031409fe12fa8e141be0137f30a4c4e4a4dd563d58a6a2bcd31.elf
Size

150KB
Sample

241212-dbm5basncj
MD5

743c25fcc0afa84566e200791bcd05cb
SHA1

014c227e929b3b53e32295b5c2b55d1a695ffe68
SHA256

ddd477456eb69031409fe12fa8e141be0137f30a4c4e4a4dd563d58a6a2bcd31
SHA512

5d8ac35117e02ccd1945c046f99814a62f04b502ff7abeaced0655c5887f6941649e9925869018b172200ae9c94886acda55d898297355f4014bed82dd6bb561
SSDEEP

3072:Tdbmn8aAEHqgSkano1DTAy5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDTD5hWTGZWYxVldmpwTsLS

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.177.25.107:4258

Targets

- Target
  
  ddd477456eb69031409fe12fa8e141be0137f30a4c4e4a4dd563d58a6a2bcd31.elf
- Size
  
  150KB
- MD5
  
  743c25fcc0afa84566e200791bcd05cb
- SHA1
  
  014c227e929b3b53e32295b5c2b55d1a695ffe68
- SHA256
  
  ddd477456eb69031409fe12fa8e141be0137f30a4c4e4a4dd563d58a6a2bcd31
- SHA512
  
  5d8ac35117e02ccd1945c046f99814a62f04b502ff7abeaced0655c5887f6941649e9925869018b172200ae9c94886acda55d898297355f4014bed82dd6bb561
- SSDEEP
  
  3072:Tdbmn8aAEHqgSkano1DTAy5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDTD5hWTGZWYxVldmpwTsLS
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1