gafgyt | 6b2c936593f3f32b29141bb0bcacbc2198444d54e4bb5cc40eaf103e09abfac3 | Triage

Sharing

General

Target

6b2c936593f3f32b29141bb0bcacbc2198444d54e4bb5cc40eaf103e09abfac3.elf
Size

112KB
Sample

241216-ctep8aypgx
MD5

03f613943cdee79e70d46d1a362c24e5
SHA1

210f08413c504b8efa02d170f8f468bebd0978e2
SHA256

6b2c936593f3f32b29141bb0bcacbc2198444d54e4bb5cc40eaf103e09abfac3
SHA512

45fac9cc5e007f450a357e797f9e1743e020b78fc38c0621148e89ba6719c7290fb76064ccd5d9367c6dfda8c11da02fa3803b9c6df513dab47fadb16d1b7fd4
SSDEEP

3072:vhfviOui5FCRSUaVejY68tE5hqSr3hGm0Qxu1bXWIn:pvfUQVejYXtE5hqSr3hGm0Qxu1rWIn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

166.88.225.34:4258

Targets

- Target
  
  6b2c936593f3f32b29141bb0bcacbc2198444d54e4bb5cc40eaf103e09abfac3.elf
- Size
  
  112KB
- MD5
  
  03f613943cdee79e70d46d1a362c24e5
- SHA1
  
  210f08413c504b8efa02d170f8f468bebd0978e2
- SHA256
  
  6b2c936593f3f32b29141bb0bcacbc2198444d54e4bb5cc40eaf103e09abfac3
- SHA512
  
  45fac9cc5e007f450a357e797f9e1743e020b78fc38c0621148e89ba6719c7290fb76064ccd5d9367c6dfda8c11da02fa3803b9c6df513dab47fadb16d1b7fd4
- SSDEEP
  
  3072:vhfviOui5FCRSUaVejY68tE5hqSr3hGm0Qxu1bXWIn:pvfUQVejYXtE5hqSr3hGm0Qxu1rWIn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1