gafgyt | 83510df45dd53c59b893a274621fc6ed2b0ba2908d62fde67a73f1b84b5d7557 | Triage

Sharing

General

Target

83510df45dd53c59b893a274621fc6ed2b0ba2908d62fde67a73f1b84b5d7557.elf
Size

146KB
Sample

250115-der8faykgv
MD5

bcd8dee9671b5b3aeece01406feb8595
SHA1

67332344c03d69866672b933bfdf99d2942da3f9
SHA256

83510df45dd53c59b893a274621fc6ed2b0ba2908d62fde67a73f1b84b5d7557
SHA512

e37130cccd205a68f662870aa1363fcf778a3ed93fafb019ec47cf56680f2f9c185fab1a6de950809efebedc30ceea1fd077409ec6d015176a5fd1e4c67fbf25
SSDEEP

3072:CtfSVjcVCLJDexaWt8m717a8oXV7EHIzmQwfCMQiGW:AfSVjcgLNexa9y17a8oXV7EcmQwfCDi9

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

23.95.73.77:999

Targets

- Target
  
  83510df45dd53c59b893a274621fc6ed2b0ba2908d62fde67a73f1b84b5d7557.elf
- Size
  
  146KB
- MD5
  
  bcd8dee9671b5b3aeece01406feb8595
- SHA1
  
  67332344c03d69866672b933bfdf99d2942da3f9
- SHA256
  
  83510df45dd53c59b893a274621fc6ed2b0ba2908d62fde67a73f1b84b5d7557
- SHA512
  
  e37130cccd205a68f662870aa1363fcf778a3ed93fafb019ec47cf56680f2f9c185fab1a6de950809efebedc30ceea1fd077409ec6d015176a5fd1e4c67fbf25
- SSDEEP
  
  3072:CtfSVjcVCLJDexaWt8m717a8oXV7EHIzmQwfCMQiGW:AfSVjcgLNexa9y17a8oXV7EcmQwfCDi9
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1