gafgyt | 72807c35f0fa3b7b6fc3cb7980c2db8e18a6133ef3da827546e87505a6d933b9 | Triage

Sharing

General

Target

72807c35f0fa3b7b6fc3cb7980c2db8e18a6133ef3da827546e87505a6d933b9.elf
Size

156KB
Sample

250219-e5m7vaxker
MD5

ff60dec55424ba5ad6976a5cbec4dbac
SHA1

ecf2c65f29cac600ad8622d5b950c2471b225641
SHA256

72807c35f0fa3b7b6fc3cb7980c2db8e18a6133ef3da827546e87505a6d933b9
SHA512

ad04ac10c34bed5db70204e7db7d76b92bad563d73b425cfa3aba457fca88c67b037119d50bc4edff1fb5414151862dfde6749ffad72de1d27f77f1e72320af4
SSDEEP

3072:T1g2/eINNlzx2kkQCMOaQcvBRYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/bYnydM/9MmFwfBxE

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.251.79.180:12345

Targets

- Target
  
  72807c35f0fa3b7b6fc3cb7980c2db8e18a6133ef3da827546e87505a6d933b9.elf
- Size
  
  156KB
- MD5
  
  ff60dec55424ba5ad6976a5cbec4dbac
- SHA1
  
  ecf2c65f29cac600ad8622d5b950c2471b225641
- SHA256
  
  72807c35f0fa3b7b6fc3cb7980c2db8e18a6133ef3da827546e87505a6d933b9
- SHA512
  
  ad04ac10c34bed5db70204e7db7d76b92bad563d73b425cfa3aba457fca88c67b037119d50bc4edff1fb5414151862dfde6749ffad72de1d27f77f1e72320af4
- SSDEEP
  
  3072:T1g2/eINNlzx2kkQCMOaQcvBRYnyLRM/9q3tmFwfBxKQodn:hg2hNNlzIkk/MOa/bYnydM/9MmFwfBxE
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1