gafgyt | f7548b648a490e1b26b44caebda3de87e7f36abf52ecc935e0fbf69aa6a3d3ff | Triage

Sharing

General

Target

f7548b648a490e1b26b44caebda3de87e7f36abf52ecc935e0fbf69aa6a3d3ff.elf
Size

123KB
Sample

241214-rh8aqawnaj
MD5

1a7871fd3be3629f82a6d853a664a1fe
SHA1

30b792715c6b463ad15944f07f746eccc12e75bc
SHA256

f7548b648a490e1b26b44caebda3de87e7f36abf52ecc935e0fbf69aa6a3d3ff
SHA512

8cf8f1325c1e0ef9813346d50cc2d632ac0fe43088fa767380ae050f4f6b366f394693ae7721c713473061c8271850b2d6b359c4644a351ff5ed62d7ba107ab4
SSDEEP

1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Epc+DGGJrmW+IFB1Df11hR/:/UyLqAmgMJM8E6+DGsrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

154.213.187.62:1865

Targets

- Target
  
  f7548b648a490e1b26b44caebda3de87e7f36abf52ecc935e0fbf69aa6a3d3ff.elf
- Size
  
  123KB
- MD5
  
  1a7871fd3be3629f82a6d853a664a1fe
- SHA1
  
  30b792715c6b463ad15944f07f746eccc12e75bc
- SHA256
  
  f7548b648a490e1b26b44caebda3de87e7f36abf52ecc935e0fbf69aa6a3d3ff
- SHA512
  
  8cf8f1325c1e0ef9813346d50cc2d632ac0fe43088fa767380ae050f4f6b366f394693ae7721c713473061c8271850b2d6b359c4644a351ff5ed62d7ba107ab4
- SSDEEP
  
  1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Epc+DGGJrmW+IFB1Df11hR/:/UyLqAmgMJM8E6+DGsrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1