gafgyt | 23943c584d1eb21be3c895145c84e176741fccb4f9a085d575aa25ca6a3585e4 | Triage

Sharing

General

Target

23943c584d1eb21be3c895145c84e176741fccb4f9a085d575aa25ca6a3585e4.elf
Size

136KB
Sample

250115-cq531azjdk
MD5

0a91b3ecd9583827b4cbe1c2b44ccb59
SHA1

90ef6e5d0414b988bba47949624e700b6fe495ab
SHA256

23943c584d1eb21be3c895145c84e176741fccb4f9a085d575aa25ca6a3585e4
SHA512

1b2279a6707d5b1c353826ee157f87efece0a8a15fbf7bdf7c73ace08f2dc7d378e89ec3d50272665fcd5f00390f6becdab342260235b2a65fd328c3059e7009
SSDEEP

1536:HHfGlk6Mau3GaXIM2rKbU6Ul5gioHLfPti2dSImNEz7ugf7hoWlNDsorH4hs29NA:+FO3PtiJn8ugN9sazoVmCBgAYiCh

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

23.95.73.77:999

Targets

- Target
  
  23943c584d1eb21be3c895145c84e176741fccb4f9a085d575aa25ca6a3585e4.elf
- Size
  
  136KB
- MD5
  
  0a91b3ecd9583827b4cbe1c2b44ccb59
- SHA1
  
  90ef6e5d0414b988bba47949624e700b6fe495ab
- SHA256
  
  23943c584d1eb21be3c895145c84e176741fccb4f9a085d575aa25ca6a3585e4
- SHA512
  
  1b2279a6707d5b1c353826ee157f87efece0a8a15fbf7bdf7c73ace08f2dc7d378e89ec3d50272665fcd5f00390f6becdab342260235b2a65fd328c3059e7009
- SSDEEP
  
  1536:HHfGlk6Mau3GaXIM2rKbU6Ul5gioHLfPti2dSImNEz7ugf7hoWlNDsorH4hs29NA:+FO3PtiJn8ugN9sazoVmCBgAYiCh
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1