gafgyt | e48315a11b764ed5e5fe7c457a7112fba6672b06429cc1efd11c8c68670837eb | Triage

Sharing

General

Target

rebirth.x86.elf
Size

98KB
Sample

241230-bq33zatjhq
MD5

7ca085966f75c5c7d28bc4518142a5e0
SHA1

e29b77b8d637abed905cae089b7877c45581cd6a
SHA256

e48315a11b764ed5e5fe7c457a7112fba6672b06429cc1efd11c8c68670837eb
SHA512

d781d8156d9bf18233203a484703d5f4ce0250139a52b9d8efb2e0b5b878844a8efe24c3f917a5a05f45f610f41857cbd634c3409ab7b2693a4fec770fe6e7b6
SSDEEP

1536:QBfT9WiC3txvWtfEo5vXJM9wypej++3hxEgL7nLGPTms5TDUMHYr/:QBjC9wtsOnuejjhxEgL7smITDfHYr/

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

23.95.72.235:666

Targets

- Target
  
  rebirth.x86.elf
- Size
  
  98KB
- MD5
  
  7ca085966f75c5c7d28bc4518142a5e0
- SHA1
  
  e29b77b8d637abed905cae089b7877c45581cd6a
- SHA256
  
  e48315a11b764ed5e5fe7c457a7112fba6672b06429cc1efd11c8c68670837eb
- SHA512
  
  d781d8156d9bf18233203a484703d5f4ce0250139a52b9d8efb2e0b5b878844a8efe24c3f917a5a05f45f610f41857cbd634c3409ab7b2693a4fec770fe6e7b6
- SSDEEP
  
  1536:QBfT9WiC3txvWtfEo5vXJM9wypej++3hxEgL7nLGPTms5TDUMHYr/:QBjC9wtsOnuejjhxEgL7smITDfHYr/
Score

9^/10

discovery
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1