gafgyt | abb74b82d4f661b0c8021e31a05ed9ad827d714b1eca2a786e8d25cd5f06821a | Triage

Sharing

General

Target

i686.elf
Size

89KB
Sample

241229-pz7peasjdl
MD5

766a3f2bc9c93e264a77b1431224d4df
SHA1

d782c81890f6843bf6080607dba7c564938c9b59
SHA256

abb74b82d4f661b0c8021e31a05ed9ad827d714b1eca2a786e8d25cd5f06821a
SHA512

beae8c3a22ac6ad041f69a8cc7d9c0dae80eb6a52fd3e943e8add5df2c0b5a349981a684ad4b22e9524af3cf299508781c181479828919eeda513b7c3a1ccd71
SSDEEP

1536:2JcSA3zJO93RceGQwqWQC1yIZ2DN1d3Oow5hBPrJs6Wshe0QzUzJYQ2Wk:CAI93RceGT91yIZ2DN1QL5hBlWUe0QzR

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

98.159.236.221:23

Targets

- Target
  
  i686.elf
- Size
  
  89KB
- MD5
  
  766a3f2bc9c93e264a77b1431224d4df
- SHA1
  
  d782c81890f6843bf6080607dba7c564938c9b59
- SHA256
  
  abb74b82d4f661b0c8021e31a05ed9ad827d714b1eca2a786e8d25cd5f06821a
- SHA512
  
  beae8c3a22ac6ad041f69a8cc7d9c0dae80eb6a52fd3e943e8add5df2c0b5a349981a684ad4b22e9524af3cf299508781c181479828919eeda513b7c3a1ccd71
- SSDEEP
  
  1536:2JcSA3zJO93RceGQwqWQC1yIZ2DN1d3Oow5hBPrJs6Wshe0QzUzJYQ2Wk:CAI93RceGT91yIZ2DN1QL5hBlWUe0QzR
Score

7^/10
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1