gafgyt | e9824f05b581e39ad1d49714b483d4603b81e828797b111d7aec02154bc52b7d | Triage

Sharing

General

Target

e9824f05b581e39ad1d49714b483d4603b81e828797b111d7aec02154bc52b7d.elf
Size

94KB
Sample

250110-er4bxatpgn
MD5

57524629e68d4595f15157a3cdbfde01
SHA1

e0b22ae870db745885f2fd00eef10fedab6e9133
SHA256

e9824f05b581e39ad1d49714b483d4603b81e828797b111d7aec02154bc52b7d
SHA512

6562b556a70bef4b028e0b7d55bf565c614425b7f428574504238a155ce7dcf3812abc66dd845e68ae56cacf043a40a598f1f9f6125cb5f38978accbb5afc7ab
SSDEEP

1536:eApB6UCU2CFroahQf2+lCDN94UwkGcv0nIFIkrcs1qmc2PhU9HefK:vpB6UCU2CFroayZoDN6UzvWIF2qqmc2m

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:6581

Targets

- Target
  
  e9824f05b581e39ad1d49714b483d4603b81e828797b111d7aec02154bc52b7d.elf
- Size
  
  94KB
- MD5
  
  57524629e68d4595f15157a3cdbfde01
- SHA1
  
  e0b22ae870db745885f2fd00eef10fedab6e9133
- SHA256
  
  e9824f05b581e39ad1d49714b483d4603b81e828797b111d7aec02154bc52b7d
- SHA512
  
  6562b556a70bef4b028e0b7d55bf565c614425b7f428574504238a155ce7dcf3812abc66dd845e68ae56cacf043a40a598f1f9f6125cb5f38978accbb5afc7ab
- SSDEEP
  
  1536:eApB6UCU2CFroahQf2+lCDN94UwkGcv0nIFIkrcs1qmc2PhU9HefK:vpB6UCU2CFroayZoDN6UzvWIF2qqmc2m
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1