gafgyt | a3c242b6037414042b7e675022f93cc3d3fdcb7034d169b199458fa097dc1d58 | Triage

Sharing

General

Target

a3c242b6037414042b7e675022f93cc3d3fdcb7034d169b199458fa097dc1d58.elf
Size

98KB
Sample

241214-phs5patkbk
MD5

8dba4950f3120e3de39c66b59d36bc55
SHA1

4e52f383d50310b26cacfcc5a0a71b8c2f2980f1
SHA256

a3c242b6037414042b7e675022f93cc3d3fdcb7034d169b199458fa097dc1d58
SHA512

8d905d9fc64fd66b7dc2d8d96dce0d5121518d2fff2c5f1bce75e769af2386ec046536e4b0b998dd0f104d4b6552b0596524a27fc167fba79d3d6fcbc5783547
SSDEEP

3072:VSx+i6mqaObhNEnPLGd22mZuqQ4DPwXXtse:y6mRObnEnPp2mZuqQ4DPwXXtse

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

154.213.187.62:1865

Targets

- Target
  
  a3c242b6037414042b7e675022f93cc3d3fdcb7034d169b199458fa097dc1d58.elf
- Size
  
  98KB
- MD5
  
  8dba4950f3120e3de39c66b59d36bc55
- SHA1
  
  4e52f383d50310b26cacfcc5a0a71b8c2f2980f1
- SHA256
  
  a3c242b6037414042b7e675022f93cc3d3fdcb7034d169b199458fa097dc1d58
- SHA512
  
  8d905d9fc64fd66b7dc2d8d96dce0d5121518d2fff2c5f1bce75e769af2386ec046536e4b0b998dd0f104d4b6552b0596524a27fc167fba79d3d6fcbc5783547
- SSDEEP
  
  3072:VSx+i6mqaObhNEnPLGd22mZuqQ4DPwXXtse:y6mRObnEnPp2mZuqQ4DPwXXtse
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1