gafgyt | ff0cdb171c6f565632e8d84c5c312538ab04e95d4161363f15db1881dab8b702 | Triage

Sharing

General

Target

ff0cdb171c6f565632e8d84c5c312538ab04e95d4161363f15db1881dab8b702.elf
Size

118KB
Sample

250218-edagnsxjfr
MD5

6583fef00d7968f710ba11a3c533d11e
SHA1

dbe485aded5b731316b476bba4f1ae660c097f57
SHA256

ff0cdb171c6f565632e8d84c5c312538ab04e95d4161363f15db1881dab8b702
SHA512

74f39b6d6d048f092ba8213884082c2dd8f9de9d1152816db8835c3eda44e1bc881a66eaed23a119289ddc133832969c750dd154ead024e96f82299ea92f15c9
SSDEEP

3072:ekYPUfsgnsb0J2ag/VfxkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0xkDy+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

199.195.248.181:606

Targets

- Target
  
  ff0cdb171c6f565632e8d84c5c312538ab04e95d4161363f15db1881dab8b702.elf
- Size
  
  118KB
- MD5
  
  6583fef00d7968f710ba11a3c533d11e
- SHA1
  
  dbe485aded5b731316b476bba4f1ae660c097f57
- SHA256
  
  ff0cdb171c6f565632e8d84c5c312538ab04e95d4161363f15db1881dab8b702
- SHA512
  
  74f39b6d6d048f092ba8213884082c2dd8f9de9d1152816db8835c3eda44e1bc881a66eaed23a119289ddc133832969c750dd154ead024e96f82299ea92f15c9
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/VfxkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0xkDy+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1