gafgyt | 514f184e701a93fc2df68a104acc7b7abd09743aaacabaa1d4ab0beda9524f60 | Triage

Sharing

General

Target

514f184e701a93fc2df68a104acc7b7abd09743aaacabaa1d4ab0beda9524f60.elf
Size

118KB
Sample

250114-c47hzswrdk
MD5

a1dbe596e19f5da7efcd75242b5c3d8c
SHA1

ec67b5c162808ac4f74f5d7393593389309c35a9
SHA256

514f184e701a93fc2df68a104acc7b7abd09743aaacabaa1d4ab0beda9524f60
SHA512

56fa0c321161dbee73c0731c5a2a58690453bc7b2eface247822b847a97454a9fc3c224d453d7dd1f3ee919b73217b53dc501f6bf19bf5db6c5e4e1b4fbc8612
SSDEEP

3072:ekYPUfsgnsb0J2ag/VfOkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0OkDy+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

185.189.13.91:25565

Targets

- Target
  
  514f184e701a93fc2df68a104acc7b7abd09743aaacabaa1d4ab0beda9524f60.elf
- Size
  
  118KB
- MD5
  
  a1dbe596e19f5da7efcd75242b5c3d8c
- SHA1
  
  ec67b5c162808ac4f74f5d7393593389309c35a9
- SHA256
  
  514f184e701a93fc2df68a104acc7b7abd09743aaacabaa1d4ab0beda9524f60
- SHA512
  
  56fa0c321161dbee73c0731c5a2a58690453bc7b2eface247822b847a97454a9fc3c224d453d7dd1f3ee919b73217b53dc501f6bf19bf5db6c5e4e1b4fbc8612
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/VfOkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0OkDy+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1