gafgyt | bbd91c692d5e0754e82a982e7d6f2a4dcbfdd5af5e3d8819a8aec4203e1de83c | Triage

Sharing

General

Target

bbd91c692d5e0754e82a982e7d6f2a4dcbfdd5af5e3d8819a8aec4203e1de83c.elf
Size

175KB
Sample

250219-f4252sznw8
MD5

9c779dd03f0116c1db1af160a39b05d6
SHA1

1a6b6a6b6121d94f0c6f1d842be8ead9ffb18ae1
SHA256

bbd91c692d5e0754e82a982e7d6f2a4dcbfdd5af5e3d8819a8aec4203e1de83c
SHA512

cb53a8362708f1f9210aad22e80a6a1d2ca152c9f021a42a1248aef85813d0c853bb449121a9aef1b292e886ccc758f2cbdaa6097ff92010514d711da983f544
SSDEEP

3072:KV/Yb/dnp+eQPGE+uTSaJ9XziklNNr349hRkUZoQr3zVbYM/98OnIFXmmw3Bq/1A:G+KSaJ9XzXlNW9hREQr3z+M/98rlmmw/

Score

10^/10

gafgyt

Malware Config

Extracted

Family

gafgyt

C2

185.74.222.38:8080

Targets

- Target
  
  bbd91c692d5e0754e82a982e7d6f2a4dcbfdd5af5e3d8819a8aec4203e1de83c.elf
- Size
  
  175KB
- MD5
  
  9c779dd03f0116c1db1af160a39b05d6
- SHA1
  
  1a6b6a6b6121d94f0c6f1d842be8ead9ffb18ae1
- SHA256
  
  bbd91c692d5e0754e82a982e7d6f2a4dcbfdd5af5e3d8819a8aec4203e1de83c
- SHA512
  
  cb53a8362708f1f9210aad22e80a6a1d2ca152c9f021a42a1248aef85813d0c853bb449121a9aef1b292e886ccc758f2cbdaa6097ff92010514d711da983f544
- SSDEEP
  
  3072:KV/Yb/dnp+eQPGE+uTSaJ9XziklNNr349hRkUZoQr3zVbYM/98OnIFXmmw3Bq/1A:G+KSaJ9XzXlNW9hREQr3z+M/98rlmmw/
Score

7^/10
- Writes DNS configuration
  Writes data to DNS resolver config file.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Adversary-in-the-Middle

Discovery

Lateral Movement

Collection

Adversary-in-the-Middle

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1