gafgyt | d2f17797175d0ee304e7ae765ddb929dc0d715e8719db773ba49b6f81bc6e7a6 | Triage

Sharing

General

Target

d2f17797175d0ee304e7ae765ddb929dc0d715e8719db773ba49b6f81bc6e7a6.elf
Size

71KB
Sample

250112-dvd1ratnhv
MD5

616c5deb08b8fe0317ff0a65e8c502aa
SHA1

edf16507d06c99eb9bb2913dedee41b74b241f7c
SHA256

d2f17797175d0ee304e7ae765ddb929dc0d715e8719db773ba49b6f81bc6e7a6
SHA512

d780ae22e3a84f3166d1ef8e2b471db5cde9b3bba9cacd07a69dd42a31e1c0609af57422b3d5fd4ad545a26e0ccc50b4f5cf8434e4fe95a4bd3d5543d0335a64
SSDEEP

1536:fQ/CnToULUWynmqPoh3a8QsESNIp5vtnyChVVql4TgkDjqmbdZ89UxTumLI2VOCF:fQoUULUWbU5vJ5hKKTv5w9OumU2VOCbp

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

89.33.192.138:65447

Targets

- Target
  
  d2f17797175d0ee304e7ae765ddb929dc0d715e8719db773ba49b6f81bc6e7a6.elf
- Size
  
  71KB
- MD5
  
  616c5deb08b8fe0317ff0a65e8c502aa
- SHA1
  
  edf16507d06c99eb9bb2913dedee41b74b241f7c
- SHA256
  
  d2f17797175d0ee304e7ae765ddb929dc0d715e8719db773ba49b6f81bc6e7a6
- SHA512
  
  d780ae22e3a84f3166d1ef8e2b471db5cde9b3bba9cacd07a69dd42a31e1c0609af57422b3d5fd4ad545a26e0ccc50b4f5cf8434e4fe95a4bd3d5543d0335a64
- SSDEEP
  
  1536:fQ/CnToULUWynmqPoh3a8QsESNIp5vtnyChVVql4TgkDjqmbdZ89UxTumLI2VOCF:fQoUULUWbU5vJ5hKKTv5w9OumU2VOCbp
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1