gafgyt | 102f027d9f7a95f8c24395786a4315ca95b2421fa5ae5cd5450b608289900e35 | Triage

Sharing

General

Target

rebirth.i686.elf
Size

85KB
Sample

241230-bndqassrej
MD5

5948c09ed728dd52dbcc333222e72d91
SHA1

683c13ef3c0d0ab47222add1eb04b3a5eaaab14e
SHA256

102f027d9f7a95f8c24395786a4315ca95b2421fa5ae5cd5450b608289900e35
SHA512

b3ef89d3dfa5bcb461e8f9f69e3cd409142a22964fc88eaaaed5d7e136f2617e2069e133dc5b8ebb3dcd4a5b6b0f00c9152c5955a8eab94cce571c4f3fdf1601
SSDEEP

1536:x3oLQ5TCzSVYERb1aGy8gwi5voMbBZzp6+m5CsNFPVYLf0:d8Q5Tv+U5aH8VkAMfp7mwsN1VYLf0

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

23.95.72.235:666

Targets

- Target
  
  rebirth.i686.elf
- Size
  
  85KB
- MD5
  
  5948c09ed728dd52dbcc333222e72d91
- SHA1
  
  683c13ef3c0d0ab47222add1eb04b3a5eaaab14e
- SHA256
  
  102f027d9f7a95f8c24395786a4315ca95b2421fa5ae5cd5450b608289900e35
- SHA512
  
  b3ef89d3dfa5bcb461e8f9f69e3cd409142a22964fc88eaaaed5d7e136f2617e2069e133dc5b8ebb3dcd4a5b6b0f00c9152c5955a8eab94cce571c4f3fdf1601
- SSDEEP
  
  1536:x3oLQ5TCzSVYERb1aGy8gwi5voMbBZzp6+m5CsNFPVYLf0:d8Q5Tv+U5aH8VkAMfp7mwsN1VYLf0
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1