gafgyt | d7e692e9b170b43d4608d39f6cd9ea2bebdbd151166f572c65496d0df162beaf | Triage

Sharing

General

Target

ssi.elf
Size

74KB
Sample

250111-hnmfrsslfj
MD5

074033f8d86474698c07cc049b2abef9
SHA1

80bda8af65af4c2acf99df2ca4cb67f4d0e4a8b2
SHA256

d7e692e9b170b43d4608d39f6cd9ea2bebdbd151166f572c65496d0df162beaf
SHA512

c24af4f22f3c3ea0d7742d986ab1f89a786e6f0162d20d96e69f14fa5fe6fd3a507a4afc211451016ae4d7bd8c5751ca1aed35e1adecc489db1e8148f7ffbc91
SSDEEP

1536:1/PKCSudWp8QqCorO7ph6F9Zu23B7oWt8NsEAbtmLI2VOCjXUfJRk:YCS52/CorONh6Zh1OuntmU2VOCbUfJRk

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:65447

Targets

- Target
  
  ssi.elf
- Size
  
  74KB
- MD5
  
  074033f8d86474698c07cc049b2abef9
- SHA1
  
  80bda8af65af4c2acf99df2ca4cb67f4d0e4a8b2
- SHA256
  
  d7e692e9b170b43d4608d39f6cd9ea2bebdbd151166f572c65496d0df162beaf
- SHA512
  
  c24af4f22f3c3ea0d7742d986ab1f89a786e6f0162d20d96e69f14fa5fe6fd3a507a4afc211451016ae4d7bd8c5751ca1aed35e1adecc489db1e8148f7ffbc91
- SSDEEP
  
  1536:1/PKCSudWp8QqCorO7ph6F9Zu23B7oWt8NsEAbtmLI2VOCjXUfJRk:YCS52/CorONh6Zh1OuntmU2VOCbUfJRk
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1