gafgyt | ef70ae977d084090e1e6190027847b4b8faf783e7d4b30d000f71abcc9ada345 | Triage

Sharing

General

Target

ssc.elf
Size

90KB
Sample

250111-hgxcdssjdm
MD5

dde2d17a7e2be0e4515e539b6f41db1f
SHA1

0c249d31a39d455d21743fad5dc0b2c7ac10f58a
SHA256

ef70ae977d084090e1e6190027847b4b8faf783e7d4b30d000f71abcc9ada345
SHA512

abfa383c8b2655df36802733389e0c7359cf160b3a1bf5cb70e4122e92e564f2dac407f1dade3f38ce073429205ece2485f8e9fd4b38ce1605416659d9a4c639
SSDEEP

1536:EkN/XiFPxOptNjJfisayIBH544x6O5/DPpsNQ8YJmREqQ4b/X7XSee:yFZ8tB2ys44FDPpZmREqQ4bv7XSee

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:65447

Targets

- Target
  
  ssc.elf
- Size
  
  90KB
- MD5
  
  dde2d17a7e2be0e4515e539b6f41db1f
- SHA1
  
  0c249d31a39d455d21743fad5dc0b2c7ac10f58a
- SHA256
  
  ef70ae977d084090e1e6190027847b4b8faf783e7d4b30d000f71abcc9ada345
- SHA512
  
  abfa383c8b2655df36802733389e0c7359cf160b3a1bf5cb70e4122e92e564f2dac407f1dade3f38ce073429205ece2485f8e9fd4b38ce1605416659d9a4c639
- SSDEEP
  
  1536:EkN/XiFPxOptNjJfisayIBH544x6O5/DPpsNQ8YJmREqQ4b/X7XSee:yFZ8tB2ys44FDPpZmREqQ4bv7XSee
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1