gafgyt | 7780ae12ab7aa44d2010b16b4cc944b9cc5df5dcd945f7edb12c992af76cfbe3 | Triage

Sharing

General

Target

7780ae12ab7aa44d2010b16b4cc944b9cc5df5dcd945f7edb12c992af76cfbe3.elf
Size

150KB
Sample

241223-cm27yatpex
MD5

b2beab580053cd4b42058f5e043e5211
SHA1

7c26316b9a7a8d2d4f4cd1186e06b5303fb6f75b
SHA256

7780ae12ab7aa44d2010b16b4cc944b9cc5df5dcd945f7edb12c992af76cfbe3
SHA512

04aa9f2510478887f14af622b899b323ad00576c3fbea2150b9cd5523b4da5a43d3cb41ffbccbeab8337fb34f42d409f775c7ddaa0b54dd0ef3b73c6d0176ea0
SSDEEP

3072:Tdbmn8aAEHqgSkano1DTAD5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDTW5hWTGZWYxVldmpwTsLS

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.216.71.152:4258

Targets

- Target
  
  7780ae12ab7aa44d2010b16b4cc944b9cc5df5dcd945f7edb12c992af76cfbe3.elf
- Size
  
  150KB
- MD5
  
  b2beab580053cd4b42058f5e043e5211
- SHA1
  
  7c26316b9a7a8d2d4f4cd1186e06b5303fb6f75b
- SHA256
  
  7780ae12ab7aa44d2010b16b4cc944b9cc5df5dcd945f7edb12c992af76cfbe3
- SHA512
  
  04aa9f2510478887f14af622b899b323ad00576c3fbea2150b9cd5523b4da5a43d3cb41ffbccbeab8337fb34f42d409f775c7ddaa0b54dd0ef3b73c6d0176ea0
- SSDEEP
  
  3072:Tdbmn8aAEHqgSkano1DTAD5hWTGZWYxVlxXmpwTsL/QMyn:he8aAEHKkdDTW5hWTGZWYxVldmpwTsLS
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1