gafgyt | c82f09cfd95dc91ca98e5a5cda13e5652449bfa9946d5309867a6c4f6e1f0ed9 | Triage

Sharing

General

Target

ssb.elf
Size

119KB
Sample

250109-h1hncavpak
MD5

181bbb04ad8aeb8c587d5c5db62a9034
SHA1

9557d6b561a23eb8bd246d6653e5014f35f51f19
SHA256

c82f09cfd95dc91ca98e5a5cda13e5652449bfa9946d5309867a6c4f6e1f0ed9
SHA512

2f74e64400d75d93ecee64e0cfba6d61792c181ca4fc6fb0903f23b7dd8cae52f8a942d139950e173f531cf7a267a1bb62781fcffeb0e4f4843aa0622d462839
SSDEEP

3072:ZHxsY8kYWNKYCGACj7zQWWrU1PKN5QtX7I0bz3:0Y8XkDn7j7jPKN5QtX7I0bz3

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:6581

Targets

- Target
  
  ssb.elf
- Size
  
  119KB
- MD5
  
  181bbb04ad8aeb8c587d5c5db62a9034
- SHA1
  
  9557d6b561a23eb8bd246d6653e5014f35f51f19
- SHA256
  
  c82f09cfd95dc91ca98e5a5cda13e5652449bfa9946d5309867a6c4f6e1f0ed9
- SHA512
  
  2f74e64400d75d93ecee64e0cfba6d61792c181ca4fc6fb0903f23b7dd8cae52f8a942d139950e173f531cf7a267a1bb62781fcffeb0e4f4843aa0622d462839
- SSDEEP
  
  3072:ZHxsY8kYWNKYCGACj7zQWWrU1PKN5QtX7I0bz3:0Y8XkDn7j7jPKN5QtX7I0bz3
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1