gafgyt | 98edba37c596b819bef407b525106b65f779e988ea9b27c300bd807aeaa63d4a | Triage

Sharing

General

Target

sss.elf
Size

110KB
Sample

250111-g5f5msylbs
MD5

69962af56389332e691928e0c0f364fe
SHA1

cdbf8735f5d36a4042f353cd28fbed5d149bcc13
SHA256

98edba37c596b819bef407b525106b65f779e988ea9b27c300bd807aeaa63d4a
SHA512

96f22b8ed2a04f8692327ff5289224357acdd2abf4dac68c9d7ce2423a1296f802798546124e994b99782ad03cd4a401f6c350f9ef48c9069bbce19ff5e699eb
SSDEEP

1536:57jO1TBqq+XaYF2rKy/evDiP50c6eIymEmyjCcF9rUmkiSFxfC7xbXe:UPBXP50a9myjzzUmkiSFxfKxbXe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:65447

Targets

- Target
  
  sss.elf
- Size
  
  110KB
- MD5
  
  69962af56389332e691928e0c0f364fe
- SHA1
  
  cdbf8735f5d36a4042f353cd28fbed5d149bcc13
- SHA256
  
  98edba37c596b819bef407b525106b65f779e988ea9b27c300bd807aeaa63d4a
- SHA512
  
  96f22b8ed2a04f8692327ff5289224357acdd2abf4dac68c9d7ce2423a1296f802798546124e994b99782ad03cd4a401f6c350f9ef48c9069bbce19ff5e699eb
- SSDEEP
  
  1536:57jO1TBqq+XaYF2rKy/evDiP50c6eIymEmyjCcF9rUmkiSFxfC7xbXe:UPBXP50a9myjzzUmkiSFxfKxbXe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1