gafgyt | c12f36d08f3427a7077bf09e5ff955fefac9712ba9d413f45160a63ca04f2351 | Triage

Sharing

General

Target

c12f36d08f3427a7077bf09e5ff955fefac9712ba9d413f45160a63ca04f2351.elf
Size

98KB
Sample

250115-dzc91syqhx
MD5

2aaa580f6dce10b2fd777231e3257a58
SHA1

8da5f8f1d31fe006e718bfff85590efc6760a683
SHA256

c12f36d08f3427a7077bf09e5ff955fefac9712ba9d413f45160a63ca04f2351
SHA512

ca2418ed1e88969d5b51fc9bd8571b9dbb11766e95e842c4f3957a23ae2980e2f15975e7ea2bbdb2e2a64efe1b48bad9f88e482062c71b382a1e38ebedb4732a
SSDEEP

1536:Q9fT9WiC3txvWtfEo5vXJM9wypej++3h5EgL7nLGPTms5TDUMHYr/:Q9jC9wtsOnuejjh5EgL7smITDfHYr/

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

23.95.73.77:999

Targets

- Target
  
  c12f36d08f3427a7077bf09e5ff955fefac9712ba9d413f45160a63ca04f2351.elf
- Size
  
  98KB
- MD5
  
  2aaa580f6dce10b2fd777231e3257a58
- SHA1
  
  8da5f8f1d31fe006e718bfff85590efc6760a683
- SHA256
  
  c12f36d08f3427a7077bf09e5ff955fefac9712ba9d413f45160a63ca04f2351
- SHA512
  
  ca2418ed1e88969d5b51fc9bd8571b9dbb11766e95e842c4f3957a23ae2980e2f15975e7ea2bbdb2e2a64efe1b48bad9f88e482062c71b382a1e38ebedb4732a
- SSDEEP
  
  1536:Q9fT9WiC3txvWtfEo5vXJM9wypej++3h5EgL7nLGPTms5TDUMHYr/:Q9jC9wtsOnuejjh5EgL7smITDfHYr/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1