gafgyt | c52cc8e9f3c411da04a177a00c59a4ca99d817f8ff2a665dbb6140a51778ac70 | Triage

Sharing

General

Target

ssb.elf
Size

111KB
Sample

250111-mg3xdsyqcq
MD5

f1260d5b2810144eed89c613b21f934b
SHA1

b3a23824dc6973028a258c7b67e5c790f984ca03
SHA256

c52cc8e9f3c411da04a177a00c59a4ca99d817f8ff2a665dbb6140a51778ac70
SHA512

ec374a720971d0acbffbbdf0d7f3b41d10445cae388eb07c489695d781bc35be5751c4835a561fa90a645436a01947994696438208811e93993c2bec5460c855
SSDEEP

3072:iH3IkVmX9MVG8G7j97zQ8aZoP3AoQzWwhRHZ3:rkVe+VGF7j97tP3AoQzWwhRHZ3

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:65447

Targets

- Target
  
  ssb.elf
- Size
  
  111KB
- MD5
  
  f1260d5b2810144eed89c613b21f934b
- SHA1
  
  b3a23824dc6973028a258c7b67e5c790f984ca03
- SHA256
  
  c52cc8e9f3c411da04a177a00c59a4ca99d817f8ff2a665dbb6140a51778ac70
- SHA512
  
  ec374a720971d0acbffbbdf0d7f3b41d10445cae388eb07c489695d781bc35be5751c4835a561fa90a645436a01947994696438208811e93993c2bec5460c855
- SSDEEP
  
  3072:iH3IkVmX9MVG8G7j97zQ8aZoP3AoQzWwhRHZ3:rkVe+VGF7j97tP3AoQzWwhRHZ3
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1