gafgyt | 425a0a8c30db2392ee0417bbc358e2d981a91bf019b120ad1c26232dfbcd786a | Triage

Sharing

General

Target

425a0a8c30db2392ee0417bbc358e2d981a91bf019b120ad1c26232dfbcd786a.elf
Size

92KB
Sample

250219-dzxzesxqx3
MD5

5c777ad1d6836b738641c5ac2f74ee9c
SHA1

80ba07796df9fd6880dad816258c653965d399b2
SHA256

425a0a8c30db2392ee0417bbc358e2d981a91bf019b120ad1c26232dfbcd786a
SHA512

5a0c4ecfe245d769b314268e09ddd01ddda814e3c936572764126a09c2cb75cbbd3c4a3431be434e2a0173807ee4cb0c3d8d254ef251916227ad8191fd045a7f
SSDEEP

1536:W7uJtxNeVE8zV7aDlvhE1hmkJ0S36W6bWjK3TyPXfH0mA+KWOXFseaZYxe:4SsVEeVMlpmXJ0O6WpjKjifUm/KWOXFE

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

205.185.115.242:12345

Targets

- Target
  
  425a0a8c30db2392ee0417bbc358e2d981a91bf019b120ad1c26232dfbcd786a.elf
- Size
  
  92KB
- MD5
  
  5c777ad1d6836b738641c5ac2f74ee9c
- SHA1
  
  80ba07796df9fd6880dad816258c653965d399b2
- SHA256
  
  425a0a8c30db2392ee0417bbc358e2d981a91bf019b120ad1c26232dfbcd786a
- SHA512
  
  5a0c4ecfe245d769b314268e09ddd01ddda814e3c936572764126a09c2cb75cbbd3c4a3431be434e2a0173807ee4cb0c3d8d254ef251916227ad8191fd045a7f
- SSDEEP
  
  1536:W7uJtxNeVE8zV7aDlvhE1hmkJ0S36W6bWjK3TyPXfH0mA+KWOXFseaZYxe:4SsVEeVMlpmXJ0O6WpjKjifUm/KWOXFE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1