gafgyt | ecd66e5a942f3296d708e83e68e066dbb496814f8b1177c5a49318c7e0b5a662 | Triage

Sharing

General

Target

ssd.elf
Size

170KB
Sample

250109-h1hncavpaq
MD5

f1e8ee3a8f363f3f3b28fc7bb3bb04c4
SHA1

1878e2bcf186554dddc7829f443d4220bf8327fb
SHA256

ecd66e5a942f3296d708e83e68e066dbb496814f8b1177c5a49318c7e0b5a662
SHA512

d94e2942c02027382d888e04682d82c805eef695c80a8a318c3e7fc40f13315889fa6825a9f9ce6f7002ca94a051cd0c7989904663730985975b3c80844016f6
SSDEEP

3072:AC3BygHRaZ7DqwyLVtwZMoUrOfeSdcCtbxXG8mmoQSmKvgp4:AayeRal4LVAMo4OfeCcCDXG8mmoQSmkl

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:6581

Targets

- Target
  
  ssd.elf
- Size
  
  170KB
- MD5
  
  f1e8ee3a8f363f3f3b28fc7bb3bb04c4
- SHA1
  
  1878e2bcf186554dddc7829f443d4220bf8327fb
- SHA256
  
  ecd66e5a942f3296d708e83e68e066dbb496814f8b1177c5a49318c7e0b5a662
- SHA512
  
  d94e2942c02027382d888e04682d82c805eef695c80a8a318c3e7fc40f13315889fa6825a9f9ce6f7002ca94a051cd0c7989904663730985975b3c80844016f6
- SSDEEP
  
  3072:AC3BygHRaZ7DqwyLVtwZMoUrOfeSdcCtbxXG8mmoQSmKvgp4:AayeRal4LVAMo4OfeCcCDXG8mmoQSmkl
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1