gafgyt | 6ab442f45a043883b5b7535267a03ecad585b9d243f9c51e68b68aa2c3503fad | Triage

Sharing

General

Target

sss.elf
Size

110KB
Sample

250111-mkyf3swpgz
MD5

fd5543a1b6da49cb5d4e89ba574b7b4a
SHA1

aa3712673caad0c3aaa981441f7bdf54aad05417
SHA256

6ab442f45a043883b5b7535267a03ecad585b9d243f9c51e68b68aa2c3503fad
SHA512

e6df9f79a710ba9b4f1b2e3a04623df6efd4b2da8c3002ef49b1c58e5070e1924edc418d9dc74502951c6d393680792ad7ca839db9045da7354a1ea5dc0ba388
SSDEEP

1536:3LeTkl+xRnSMOEr9ZTun5ATI3fMgHfA9DFqUmkiSFxfC7xbXe:3oSZEr9f6fMT/qUmkiSFxfKxbXe

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

176.119.150.11:65489

Targets

- Target
  
  sss.elf
- Size
  
  110KB
- MD5
  
  fd5543a1b6da49cb5d4e89ba574b7b4a
- SHA1
  
  aa3712673caad0c3aaa981441f7bdf54aad05417
- SHA256
  
  6ab442f45a043883b5b7535267a03ecad585b9d243f9c51e68b68aa2c3503fad
- SHA512
  
  e6df9f79a710ba9b4f1b2e3a04623df6efd4b2da8c3002ef49b1c58e5070e1924edc418d9dc74502951c6d393680792ad7ca839db9045da7354a1ea5dc0ba388
- SSDEEP
  
  1536:3LeTkl+xRnSMOEr9ZTun5ATI3fMgHfA9DFqUmkiSFxfC7xbXe:3oSZEr9f6fMT/qUmkiSFxfKxbXe
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1