gafgyt | edef911a70c7e2b27c998899de4a6ae13749f6091582e8c3765d35acce0ac71a | Triage

Sharing

General

Target

edef911a70c7e2b27c998899de4a6ae13749f6091582e8c3765d35acce0ac71a.elf
Size

209KB
Sample

241214-rgfjbawmdq
MD5

cf04b3886c628186bd82c4b98d9bd706
SHA1

d2e36954f893c31d3f01b12d1399a79de9956a30
SHA256

edef911a70c7e2b27c998899de4a6ae13749f6091582e8c3765d35acce0ac71a
SHA512

59e5974e40208db25dc87b1392ec89dd9c243b81788dfa2372a21e9e400f4af2709b688118b2790e70997ff442d4853a06846e8c5fc6c0cf7b962d945938234b
SSDEEP

3072:T4mSFGv/kWadcXVKRd8D5hgH3yJCstmrpy6n9Nn:pn/pebRiD5hgXjstmrpy6n9Nn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

37.44.238.73:8778

Targets

- Target
  
  edef911a70c7e2b27c998899de4a6ae13749f6091582e8c3765d35acce0ac71a.elf
- Size
  
  209KB
- MD5
  
  cf04b3886c628186bd82c4b98d9bd706
- SHA1
  
  d2e36954f893c31d3f01b12d1399a79de9956a30
- SHA256
  
  edef911a70c7e2b27c998899de4a6ae13749f6091582e8c3765d35acce0ac71a
- SHA512
  
  59e5974e40208db25dc87b1392ec89dd9c243b81788dfa2372a21e9e400f4af2709b688118b2790e70997ff442d4853a06846e8c5fc6c0cf7b962d945938234b
- SSDEEP
  
  3072:T4mSFGv/kWadcXVKRd8D5hgH3yJCstmrpy6n9Nn:pn/pebRiD5hgXjstmrpy6n9Nn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1