gafgyt | b67b9fb5c81dc96e34c12e5ffebe16db92bb03d2d1fa6dbe16f212992b764f3d | Triage

Sharing

General

Target

b67b9fb5c81dc96e34c12e5ffebe16db92bb03d2d1fa6dbe16f212992b764f3d.elf
Size

83KB
Sample

250219-f21jfazm18
MD5

9407f2e571451c2980a284725a28da80
SHA1

a9181678ee792658f0408a89acb0e5ddc8972260
SHA256

b67b9fb5c81dc96e34c12e5ffebe16db92bb03d2d1fa6dbe16f212992b764f3d
SHA512

4218ba1fd072c1b8c0974e73530413a141e864c00c5593bd2219db57585f2d2d9aaedb9751b3f2c8baa40eebd6b976b9c573411f912e192f0319fb9b85130fac
SSDEEP

1536:W35b9Vc4N3J6lreu5r4hWj8LkWDloRmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0Yg2oRmEwVOz+ucfW7k

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

87.251.79.180:12345

Targets

- Target
  
  b67b9fb5c81dc96e34c12e5ffebe16db92bb03d2d1fa6dbe16f212992b764f3d.elf
- Size
  
  83KB
- MD5
  
  9407f2e571451c2980a284725a28da80
- SHA1
  
  a9181678ee792658f0408a89acb0e5ddc8972260
- SHA256
  
  b67b9fb5c81dc96e34c12e5ffebe16db92bb03d2d1fa6dbe16f212992b764f3d
- SHA512
  
  4218ba1fd072c1b8c0974e73530413a141e864c00c5593bd2219db57585f2d2d9aaedb9751b3f2c8baa40eebd6b976b9c573411f912e192f0319fb9b85130fac
- SSDEEP
  
  1536:W35b9Vc4N3J6lreu5r4hWj8LkWDloRmF+wVOz+sXcfW7k:Ab9Vc4JJ6liuq0Yg2oRmEwVOz+ucfW7k
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1