gafgyt | 9a9dabc7e7049bbe769862a4f3ddfc65b6ba294a048d41b95588a8a6dd68c56e | Triage

Sharing

General

Target

ss.elf
Size

89KB
Sample

250109-h1hcksspcw
MD5

d7612a30f87510c9dc2a7058b535e086
SHA1

f8e29c34a4d608a42b6ee5b0e4155c02ef4a163d
SHA256

9a9dabc7e7049bbe769862a4f3ddfc65b6ba294a048d41b95588a8a6dd68c56e
SHA512

2255ef5c6fce4040da8c897672af78b000a41be93b182ee1558ce042886831866ae07f51bfc4fbf633ba953ccdae5945dc30ef6b6edf8fcd32887e94aa10b446
SSDEEP

1536:oTfepUvU5S1awHRoZJfeeYI+s8LCw9HbQfzgeVJYCuAAxcW7efTcgZvYV:oToUvU52HRoZpeevbFWOUeVgxcW7ef45

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:6581

Targets

- Target
  
  ss.elf
- Size
  
  89KB
- MD5
  
  d7612a30f87510c9dc2a7058b535e086
- SHA1
  
  f8e29c34a4d608a42b6ee5b0e4155c02ef4a163d
- SHA256
  
  9a9dabc7e7049bbe769862a4f3ddfc65b6ba294a048d41b95588a8a6dd68c56e
- SHA512
  
  2255ef5c6fce4040da8c897672af78b000a41be93b182ee1558ce042886831866ae07f51bfc4fbf633ba953ccdae5945dc30ef6b6edf8fcd32887e94aa10b446
- SSDEEP
  
  1536:oTfepUvU5S1awHRoZJfeeYI+s8LCw9HbQfzgeVJYCuAAxcW7efTcgZvYV:oToUvU52HRoZpeevbFWOUeVgxcW7ef45
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1