gafgyt | 7fda874f2b9c30149bd2aec6a1bc96be0d5398d80cda82e73087d57c6dbedfc6 | Triage

Sharing

General

Target

7fda874f2b9c30149bd2aec6a1bc96be0d5398d80cda82e73087d57c6dbedfc6.elf
Size

106KB
Sample

241213-c58sfawle1
MD5

7132690ea66de493746cbb68e4d90949
SHA1

5c5e855fa05902e73a77765d49142c75bf36fde8
SHA256

7fda874f2b9c30149bd2aec6a1bc96be0d5398d80cda82e73087d57c6dbedfc6
SHA512

75c042fa01735a69eaefc3b33aba371922006574b2fae6ff270f5dc1d2d45210616a8ae4522dc4d0c0d8504f8cc7685b9e577a0081214235a9035a54f785bcc4
SSDEEP

3072:j6dye4BmJQ3phaZw/1vc45AzkSXmdRWaLHgb4:d3phaZcErmdRWaDgb4

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

185.177.25.107:4258

Targets

- Target
  
  7fda874f2b9c30149bd2aec6a1bc96be0d5398d80cda82e73087d57c6dbedfc6.elf
- Size
  
  106KB
- MD5
  
  7132690ea66de493746cbb68e4d90949
- SHA1
  
  5c5e855fa05902e73a77765d49142c75bf36fde8
- SHA256
  
  7fda874f2b9c30149bd2aec6a1bc96be0d5398d80cda82e73087d57c6dbedfc6
- SHA512
  
  75c042fa01735a69eaefc3b33aba371922006574b2fae6ff270f5dc1d2d45210616a8ae4522dc4d0c0d8504f8cc7685b9e577a0081214235a9035a54f785bcc4
- SSDEEP
  
  3072:j6dye4BmJQ3phaZw/1vc45AzkSXmdRWaLHgb4:d3phaZcErmdRWaDgb4
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1