gafgyt | 7841c5ea5bc3db18e616c51020db28651486687f505cf267a2547ce2bf497389 | Triage

Sharing

General

Target

1a7871fd3be3629f82a6d853a664a1fe.bin
Size

42KB
Sample

241215-bgvega1paj
MD5

7df635470f661fdf6b56a8c667a2e9ca
SHA1

e559b29e030a9e941c6c2ea38348880b22e073df
SHA256

7841c5ea5bc3db18e616c51020db28651486687f505cf267a2547ce2bf497389
SHA512

7a4768d47a85f42569665c9ceaa1a694b2c7624993399ce08bd2cc3e20979e0e43f3e8c011e1d83abd5d5eb08b21ba175c082d95c34c9e304e71587b314a204c
SSDEEP

768:pKzofsx6MDHVMtpvUrktkd2INQep7z+44wcOA6nxkDAJQFJ4yKO55vhkiA:pKyMTVMIkolf4wcv6nxkAQb4yKO55vhq

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

154.213.187.62:1865

Targets

- Target
  
  f7548b648a490e1b26b44caebda3de87e7f36abf52ecc935e0fbf69aa6a3d3ff.elf
- Size
  
  123KB
- MD5
  
  1a7871fd3be3629f82a6d853a664a1fe
- SHA1
  
  30b792715c6b463ad15944f07f746eccc12e75bc
- SHA256
  
  f7548b648a490e1b26b44caebda3de87e7f36abf52ecc935e0fbf69aa6a3d3ff
- SHA512
  
  8cf8f1325c1e0ef9813346d50cc2d632ac0fe43088fa767380ae050f4f6b366f394693ae7721c713473061c8271850b2d6b359c4644a351ff5ed62d7ba107ab4
- SSDEEP
  
  1536:/UHeTxCAms/Y8Zm3lKYA43gMJwSkJ8Epc+DGGJrmW+IFB1Df11hR/:/UyLqAmgMJM8E6+DGsrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1