gafgyt | ef1ae483017650a71c5628673d2c1d15da4eeb705a2be8efa9cb7b9be1a4e97c | Triage

Sharing

General

Target

ef1ae483017650a71c5628673d2c1d15da4eeb705a2be8efa9cb7b9be1a4e97c.elf
Size

98KB
Sample

250218-efdbcaxjhk
MD5

25e8edf393e1bdebbfa831fdcbc06bf7
SHA1

4d767546327266d75a8e9f3c0fedabc184271953
SHA256

ef1ae483017650a71c5628673d2c1d15da4eeb705a2be8efa9cb7b9be1a4e97c
SHA512

b46b9d6a81a47a4df1efc998c4b12cb0405f65c93031aa01141be16b276190d6bc467774ceb3998db56fcc0f872afcb3919bf94942da8dff030f5a3c2b863ad0
SSDEEP

3072:VSx+i6mqaObhNgnPNKV+qKmZuqQ4DPwXXtse:y6mRObngnP7qKmZuqQ4DPwXXtse

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

199.195.248.181:606

Targets

- Target
  
  ef1ae483017650a71c5628673d2c1d15da4eeb705a2be8efa9cb7b9be1a4e97c.elf
- Size
  
  98KB
- MD5
  
  25e8edf393e1bdebbfa831fdcbc06bf7
- SHA1
  
  4d767546327266d75a8e9f3c0fedabc184271953
- SHA256
  
  ef1ae483017650a71c5628673d2c1d15da4eeb705a2be8efa9cb7b9be1a4e97c
- SHA512
  
  b46b9d6a81a47a4df1efc998c4b12cb0405f65c93031aa01141be16b276190d6bc467774ceb3998db56fcc0f872afcb3919bf94942da8dff030f5a3c2b863ad0
- SSDEEP
  
  3072:VSx+i6mqaObhNgnPNKV+qKmZuqQ4DPwXXtse:y6mRObngnP7qKmZuqQ4DPwXXtse
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1