gafgyt | 3bb91a64535d3fbd24e870033443bf4bed94c40e5801b8a0d3cc14bb79644024 | Triage

Sharing

General

Target

3bb91a64535d3fbd24e870033443bf4bed94c40e5801b8a0d3cc14bb79644024.elf
Size

98KB
Sample

241217-cza9zsymdr
MD5

d2bfbef39d223ad6de03fd28044b755e
SHA1

20aa09942c03070b3c8812f51c0d07c822cc1649
SHA256

3bb91a64535d3fbd24e870033443bf4bed94c40e5801b8a0d3cc14bb79644024
SHA512

504a71559f148bb075dd31acf4dee777cb16a9bc7c96b82618ff7674c376d24fe8590778b1da90f1ebc431ee9efae92dce6c2c110a50572413d8eb77f488c102
SSDEEP

3072:1Sd+e6mKaGP0NhD3PpShtKmZuqQ4DPwXXtse:C6mxGP0hD3PiKmZuqQ4DPwXXtse

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

150.241.88.132:25565

Targets

- Target
  
  3bb91a64535d3fbd24e870033443bf4bed94c40e5801b8a0d3cc14bb79644024.elf
- Size
  
  98KB
- MD5
  
  d2bfbef39d223ad6de03fd28044b755e
- SHA1
  
  20aa09942c03070b3c8812f51c0d07c822cc1649
- SHA256
  
  3bb91a64535d3fbd24e870033443bf4bed94c40e5801b8a0d3cc14bb79644024
- SHA512
  
  504a71559f148bb075dd31acf4dee777cb16a9bc7c96b82618ff7674c376d24fe8590778b1da90f1ebc431ee9efae92dce6c2c110a50572413d8eb77f488c102
- SSDEEP
  
  3072:1Sd+e6mKaGP0NhD3PpShtKmZuqQ4DPwXXtse:C6mxGP0hD3PiKmZuqQ4DPwXXtse
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1