gafgyt | 4c96e9af9a3092ce59c8f49474370e7286c41e07c6d9af6140088174d19c0ea2 | Triage

Sharing

General

Target

4c96e9af9a3092ce59c8f49474370e7286c41e07c6d9af6140088174d19c0ea2.elf
Size

109KB
Sample

250219-ead1pawme1
MD5

3899fd75311d4b34aad8db2d1a4b3b03
SHA1

9673fc5503f1342822d325ab784c1b20f03b2a2e
SHA256

4c96e9af9a3092ce59c8f49474370e7286c41e07c6d9af6140088174d19c0ea2
SHA512

12ce22069821a591a8e0de562a60b68573f44cd195cea66b9b4f676b4baaa606283e9edcbdc655252630aec8109b805f5aefbb1239397e389116d53102fe5a81
SSDEEP

3072:OR2nVcaX3sB56mIUZAkyYtAfRnoThfrzfPPCNVOXinYuM8R:PKWmIVHRnoFzzPCNVOXinYuM8R

Score

10^/10

gafgyt linux

Malware Config

Extracted

Family

gafgyt

C2

185.74.222.38:8080

Targets

- Target
  
  4c96e9af9a3092ce59c8f49474370e7286c41e07c6d9af6140088174d19c0ea2.elf
- Size
  
  109KB
- MD5
  
  3899fd75311d4b34aad8db2d1a4b3b03
- SHA1
  
  9673fc5503f1342822d325ab784c1b20f03b2a2e
- SHA256
  
  4c96e9af9a3092ce59c8f49474370e7286c41e07c6d9af6140088174d19c0ea2
- SHA512
  
  12ce22069821a591a8e0de562a60b68573f44cd195cea66b9b4f676b4baaa606283e9edcbdc655252630aec8109b805f5aefbb1239397e389116d53102fe5a81
- SSDEEP
  
  3072:OR2nVcaX3sB56mIUZAkyYtAfRnoThfrzfPPCNVOXinYuM8R:PKWmIVHRnoFzzPCNVOXinYuM8R
Score

7^/10
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1