gafgyt | b0af77d9cfea4a70f64d60f401fa5a482a0704accfc714898abc51196fa15b0e | Triage

Sharing

General

Target

wget.elf
Size

134KB
Sample

250218-gal3eaxnev
MD5

fd3c7bfbb389ee1f64ff0c21933c62ac
SHA1

ba0afcd99c7a80cfb44275642c288fcd850ecc80
SHA256

b0af77d9cfea4a70f64d60f401fa5a482a0704accfc714898abc51196fa15b0e
SHA512

192c8dcf97cd876c8b8c3fd962a957be20621abd28633c5d67030bcb5bafd69a05caab4fe7fde81b495c3260f97c519204a2603bf4a2d02a93d27a3ec7ccbe38
SSDEEP

3072:tUokrePpgVjJWQiyxQxi3F2hMb+9m3XkcaRVgYAB:tpiePpgVjJWQi+EhMa9m3XkcaRVgYAB

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

84.200.154.119:4567

Targets

- Target
  
  wget.elf
- Size
  
  134KB
- MD5
  
  fd3c7bfbb389ee1f64ff0c21933c62ac
- SHA1
  
  ba0afcd99c7a80cfb44275642c288fcd850ecc80
- SHA256
  
  b0af77d9cfea4a70f64d60f401fa5a482a0704accfc714898abc51196fa15b0e
- SHA512
  
  192c8dcf97cd876c8b8c3fd962a957be20621abd28633c5d67030bcb5bafd69a05caab4fe7fde81b495c3260f97c519204a2603bf4a2d02a93d27a3ec7ccbe38
- SSDEEP
  
  3072:tUokrePpgVjJWQiyxQxi3F2hMb+9m3XkcaRVgYAB:tpiePpgVjJWQi+EhMa9m3XkcaRVgYAB
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1