gafgyt | e6177852038d2130936a6c52ae274f813d5338f94b4f27faa6e19f7db19cbd46 | Triage

Sharing

General

Target

e6177852038d2130936a6c52ae274f813d5338f94b4f27faa6e19f7db19cbd46.elf
Size

149KB
Sample

250101-dtvbcavper
MD5

76cd360f074eaa5d8287bb0762aab991
SHA1

72da777df5b6d7794efa05d87e5528d0c45e1403
SHA256

e6177852038d2130936a6c52ae274f813d5338f94b4f27faa6e19f7db19cbd46
SHA512

897e406c0982fa347e945653a5af9db7876004ff0e54a9a2bb5cde10bb0df3b52172a54481726d974621291deaae0c29df90e2333eb81c6fe30f15e190cdfd38
SSDEEP

3072:VV7mFOvf5veB/7PxPWDlVEsgixj8YjmujymeYBn3:VV7mQ+TpWvIivjmujymtBn3

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

195.179.230.64:606

Targets

- Target
  
  e6177852038d2130936a6c52ae274f813d5338f94b4f27faa6e19f7db19cbd46.elf
- Size
  
  149KB
- MD5
  
  76cd360f074eaa5d8287bb0762aab991
- SHA1
  
  72da777df5b6d7794efa05d87e5528d0c45e1403
- SHA256
  
  e6177852038d2130936a6c52ae274f813d5338f94b4f27faa6e19f7db19cbd46
- SHA512
  
  897e406c0982fa347e945653a5af9db7876004ff0e54a9a2bb5cde10bb0df3b52172a54481726d974621291deaae0c29df90e2333eb81c6fe30f15e190cdfd38
- SSDEEP
  
  3072:VV7mFOvf5veB/7PxPWDlVEsgixj8YjmujymeYBn3:VV7mQ+TpWvIivjmujymtBn3
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1