gafgyt | 09b543c8b2c72e070716802d48686208d16054258964c1b1e15db819b123d092 | Triage

Sharing

General

Target

09b543c8b2c72e070716802d48686208d16054258964c1b1e15db819b123d092.elf
Size

150KB
Sample

250219-clep9awps7
MD5

1436c169550ade43b1aaaa4cb9d705de
SHA1

f43f76d7c9f4885edc6698153669baec6400c25a
SHA256

09b543c8b2c72e070716802d48686208d16054258964c1b1e15db819b123d092
SHA512

64ecdfc4df41090d607a5d963d660e7c5b1dd3047b6774f1630af8072f7e3045fcfa1363a85e03cca4387483a647868d362c630eddf7ed5367125ad50c4204d5
SSDEEP

3072:amYIFgYfDIwXShaQGXZvURxuZq+1uPNd5R:v7b8t9GJURxuZq+1uPNd5R

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.74.222.38:8080

Targets

- Target
  
  09b543c8b2c72e070716802d48686208d16054258964c1b1e15db819b123d092.elf
- Size
  
  150KB
- MD5
  
  1436c169550ade43b1aaaa4cb9d705de
- SHA1
  
  f43f76d7c9f4885edc6698153669baec6400c25a
- SHA256
  
  09b543c8b2c72e070716802d48686208d16054258964c1b1e15db819b123d092
- SHA512
  
  64ecdfc4df41090d607a5d963d660e7c5b1dd3047b6774f1630af8072f7e3045fcfa1363a85e03cca4387483a647868d362c630eddf7ed5367125ad50c4204d5
- SSDEEP
  
  3072:amYIFgYfDIwXShaQGXZvURxuZq+1uPNd5R:v7b8t9GJURxuZq+1uPNd5R
Score

7^/10
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1