gafgyt | a20eae7046a22b1a174c057c3c7fce6d4224de642760f709db61826771355d1a | Triage

Sharing

General

Target

sse.elf
Size

147KB
Sample

250111-h4d5bssrcl
MD5

a42441ae6d4aa9519f2446eefd7d4ad4
SHA1

1e810fb37a84e385b9054116f2546fbd8d8a1ef5
SHA256

a20eae7046a22b1a174c057c3c7fce6d4224de642760f709db61826771355d1a
SHA512

21507c90324fe3da600a164c40de9357c85ce8bfddb10e3f6bcc3d3dc7f6f70447feabb1680749edaa7bdb378c6eb0d90997832bfc07735bf13edd45c24cc510
SSDEEP

3072:uenraJTZv6uYXNq+3rIpIUnnFEM/9IWxhmpwfvRQfZn:7raJTZvZk7rI2UnneM/95mpwfvafZn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:65447

Targets

- Target
  
  sse.elf
- Size
  
  147KB
- MD5
  
  a42441ae6d4aa9519f2446eefd7d4ad4
- SHA1
  
  1e810fb37a84e385b9054116f2546fbd8d8a1ef5
- SHA256
  
  a20eae7046a22b1a174c057c3c7fce6d4224de642760f709db61826771355d1a
- SHA512
  
  21507c90324fe3da600a164c40de9357c85ce8bfddb10e3f6bcc3d3dc7f6f70447feabb1680749edaa7bdb378c6eb0d90997832bfc07735bf13edd45c24cc510
- SSDEEP
  
  3072:uenraJTZv6uYXNq+3rIpIUnnFEM/9IWxhmpwfvRQfZn:7raJTZvZk7rI2UnneM/95mpwfvafZn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1