gafgyt | ce28907943bc46496ee99e0dfb9618644062628502fbcf5ff59be886863d60e5 | Triage

Sharing

General

Target

ce28907943bc46496ee99e0dfb9618644062628502fbcf5ff59be886863d60e5.elf
Size

83KB
Sample

250108-dlmxas1pes
MD5

57dee730e854b5ba734bcd395b44d012
SHA1

05d02dc536aeb6c21bb00cfd4e44f6d1b6588d6e
SHA256

ce28907943bc46496ee99e0dfb9618644062628502fbcf5ff59be886863d60e5
SHA512

cf595b0599fd6ccd95141e15088d4f2c5ee0206be2df5083eca3b5dab0595b544f03767db4f2ac032d2fb3ab91de9661d49f4e802af436c123a78186eebbe2da
SSDEEP

1536:W35b9Vc4N3J6lreu5r4hWj8L4WDloRmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0Yk2oRmEwVOz+ucfW7k

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

38.134.189.10:12345

Targets

- Target
  
  ce28907943bc46496ee99e0dfb9618644062628502fbcf5ff59be886863d60e5.elf
- Size
  
  83KB
- MD5
  
  57dee730e854b5ba734bcd395b44d012
- SHA1
  
  05d02dc536aeb6c21bb00cfd4e44f6d1b6588d6e
- SHA256
  
  ce28907943bc46496ee99e0dfb9618644062628502fbcf5ff59be886863d60e5
- SHA512
  
  cf595b0599fd6ccd95141e15088d4f2c5ee0206be2df5083eca3b5dab0595b544f03767db4f2ac032d2fb3ab91de9661d49f4e802af436c123a78186eebbe2da
- SSDEEP
  
  1536:W35b9Vc4N3J6lreu5r4hWj8L4WDloRmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0Yk2oRmEwVOz+ucfW7k
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1