gafgyt | 3076007d721bf1429983962438de193c39e67cd78c75336b3e9bd9855ea5beb5 | Triage

Sharing

General

Target

ssd.elf
Size

109KB
Sample

250111-h68fyszrc1
MD5

af4ae224675ae5f9774c06dcfb78033a
SHA1

bfb636576e3e53cbe672712cce723e7ad7661eb3
SHA256

3076007d721bf1429983962438de193c39e67cd78c75336b3e9bd9855ea5beb5
SHA512

f1e69497516b3b3f29d1dc791d8d66cd20209e26d89a0bdf4f1e543858ff0701e06a7fe38e7d228b8ce1afa23001f2e814d1217154d1935a72c9f63fec2bba6e
SSDEEP

3072:DKmA8aOS17tm2KOJxJsTDGgqW8bmTQOWsXAOn:Dc8aOS17xJsTDQbmTQOWCAOn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:65447

Targets

- Target
  
  ssd.elf
- Size
  
  109KB
- MD5
  
  af4ae224675ae5f9774c06dcfb78033a
- SHA1
  
  bfb636576e3e53cbe672712cce723e7ad7661eb3
- SHA256
  
  3076007d721bf1429983962438de193c39e67cd78c75336b3e9bd9855ea5beb5
- SHA512
  
  f1e69497516b3b3f29d1dc791d8d66cd20209e26d89a0bdf4f1e543858ff0701e06a7fe38e7d228b8ce1afa23001f2e814d1217154d1935a72c9f63fec2bba6e
- SSDEEP
  
  3072:DKmA8aOS17tm2KOJxJsTDGgqW8bmTQOWsXAOn:Dc8aOS17xJsTDQbmTQOWCAOn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1