gafgyt | 7f765da92fc5198d8471e539295abe983cfe16e69d8f8ef4e62952d74b2855c2 | Triage

Sharing

General

Target

sss.elf
Size

143KB
Sample

250111-md8cpsynhr
MD5

9927dbbbcf327501a8d6e46e3b6bafca
SHA1

09d2eed3ed7aa3af21958b9115f45a716e5ea4f7
SHA256

7f765da92fc5198d8471e539295abe983cfe16e69d8f8ef4e62952d74b2855c2
SHA512

1dc4458787be47a271486a14e67e7874e5afd1fdace81a85d00bd60a3b3c67dfa450d1c39ca6660af32261634b5a27dd65a4999a5e05aa27eeaa4166c87cdac0
SSDEEP

3072:DgFB3V3nMKVA0osc6Bgqgyy5ULjo5LGOPdsu3:Dg31nZUvYLvyULjo5LGOPdsu3

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:65447

Targets

- Target
  
  sss.elf
- Size
  
  143KB
- MD5
  
  9927dbbbcf327501a8d6e46e3b6bafca
- SHA1
  
  09d2eed3ed7aa3af21958b9115f45a716e5ea4f7
- SHA256
  
  7f765da92fc5198d8471e539295abe983cfe16e69d8f8ef4e62952d74b2855c2
- SHA512
  
  1dc4458787be47a271486a14e67e7874e5afd1fdace81a85d00bd60a3b3c67dfa450d1c39ca6660af32261634b5a27dd65a4999a5e05aa27eeaa4166c87cdac0
- SSDEEP
  
  3072:DgFB3V3nMKVA0osc6Bgqgyy5ULjo5LGOPdsu3:Dg31nZUvYLvyULjo5LGOPdsu3
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1