gafgyt | 618c3e2a8bc6b97188b8eb0d25b937711946c23206bb09b5be008b9969a81974 | Triage

Sharing

General

Target

618c3e2a8bc6b97188b8eb0d25b937711946c23206bb09b5be008b9969a81974.elf
Size

105KB
Sample

250219-er315swres
MD5

212450f9dbb99390dedafec72be65ab1
SHA1

afffa9700118c0840519970eca8890cba9cd1563
SHA256

618c3e2a8bc6b97188b8eb0d25b937711946c23206bb09b5be008b9969a81974
SHA512

fa73feaa08ee1f822ce0829f1b3ce6f8ea1a06cbb7e397699fa792b324eca1f0c223a9d041faad1068a795af918b376e992786e3d40473a5cd19b0400d46a926
SSDEEP

3072:MSY+46m1qOzssKFPPKNy+AmkZrQAhPDCXFke:06mgOzJKFPzmkZrQAhPDCXFke

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.251.79.180:12345

Targets

- Target
  
  618c3e2a8bc6b97188b8eb0d25b937711946c23206bb09b5be008b9969a81974.elf
- Size
  
  105KB
- MD5
  
  212450f9dbb99390dedafec72be65ab1
- SHA1
  
  afffa9700118c0840519970eca8890cba9cd1563
- SHA256
  
  618c3e2a8bc6b97188b8eb0d25b937711946c23206bb09b5be008b9969a81974
- SHA512
  
  fa73feaa08ee1f822ce0829f1b3ce6f8ea1a06cbb7e397699fa792b324eca1f0c223a9d041faad1068a795af918b376e992786e3d40473a5cd19b0400d46a926
- SSDEEP
  
  3072:MSY+46m1qOzssKFPPKNy+AmkZrQAhPDCXFke:06mgOzJKFPzmkZrQAhPDCXFke
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1