gafgyt | 26bb71bc8e6b6343bd80595934f5a8b1ef0a235a8efd86d2866a42ff82f512da | Triage

Sharing

General

Target

26bb71bc8e6b6343bd80595934f5a8b1ef0a235a8efd86d2866a42ff82f512da.elf
Size

99KB
Sample

250110-cnd7ha1kbm
MD5

00389ae9afc4e52098a16c0b227b45bd
SHA1

59aab7520d7a6c875cf911f1588966825017e31f
SHA256

26bb71bc8e6b6343bd80595934f5a8b1ef0a235a8efd86d2866a42ff82f512da
SHA512

a84f7b11091cc2c739907a351a95e0bde6ff0bdb4da8845985f27a35288f455c1894ff651a01f93a57a5dd7a434bdb96d5f0a87dffbc85bd6bb52059b281dd2d
SSDEEP

3072:R3tl3wYkMFJIeIbpLoIc2raQarJeteC9pbw:9JI9pc2+QarJeteC9pbw

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:6581

Targets

- Target
  
  26bb71bc8e6b6343bd80595934f5a8b1ef0a235a8efd86d2866a42ff82f512da.elf
- Size
  
  99KB
- MD5
  
  00389ae9afc4e52098a16c0b227b45bd
- SHA1
  
  59aab7520d7a6c875cf911f1588966825017e31f
- SHA256
  
  26bb71bc8e6b6343bd80595934f5a8b1ef0a235a8efd86d2866a42ff82f512da
- SHA512
  
  a84f7b11091cc2c739907a351a95e0bde6ff0bdb4da8845985f27a35288f455c1894ff651a01f93a57a5dd7a434bdb96d5f0a87dffbc85bd6bb52059b281dd2d
- SSDEEP
  
  3072:R3tl3wYkMFJIeIbpLoIc2raQarJeteC9pbw:9JI9pc2+QarJeteC9pbw
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1