gafgyt | 434abd280673159df72c6a9eaaf0d2e8b260b079e11f728bfa5eba3d6b44d934 | Triage

Sharing

General

Target

434abd280673159df72c6a9eaaf0d2e8b260b079e11f728bfa5eba3d6b44d934.elf
Size

85KB
Sample

241215-cnpcgasrbk
MD5

28e18d356688c0fdf9e3afaa4bad0bfc
SHA1

812439314484bad7d93f2539e10be1214ef208c9
SHA256

434abd280673159df72c6a9eaaf0d2e8b260b079e11f728bfa5eba3d6b44d934
SHA512

c71fa925fbe857881940682d9117baad84d5981e09cacc332398dc0849eb0396d150b9539216345f7b896cb6d169e95e9335d66e6940cd57645ecd51b587e9e0
SSDEEP

1536:j3oLQ5TCzSVYERb1aGy8gwi5vYMbBZzp6+m5CsNFPVYLf0:r8Q5Tv+U5aH8VkAMfp7mwsN1VYLf0

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

93.123.85.5:666

Targets

- Target
  
  434abd280673159df72c6a9eaaf0d2e8b260b079e11f728bfa5eba3d6b44d934.elf
- Size
  
  85KB
- MD5
  
  28e18d356688c0fdf9e3afaa4bad0bfc
- SHA1
  
  812439314484bad7d93f2539e10be1214ef208c9
- SHA256
  
  434abd280673159df72c6a9eaaf0d2e8b260b079e11f728bfa5eba3d6b44d934
- SHA512
  
  c71fa925fbe857881940682d9117baad84d5981e09cacc332398dc0849eb0396d150b9539216345f7b896cb6d169e95e9335d66e6940cd57645ecd51b587e9e0
- SSDEEP
  
  1536:j3oLQ5TCzSVYERb1aGy8gwi5vYMbBZzp6+m5CsNFPVYLf0:r8Q5Tv+U5aH8VkAMfp7mwsN1VYLf0
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1