gafgyt | a23b88938a22c85d32e6e74a538281f724db6f4bfc6adc869f9aeee58855e149 | Triage

Sharing

General

Target

a23b88938a22c85d32e6e74a538281f724db6f4bfc6adc869f9aeee58855e149.elf
Size

123KB
Sample

250219-fq4rqaxqfx
MD5

89baf8a811dc892fc622c12d249fec06
SHA1

d04ae8d3fc365aa2d7499f8120069666881bf794
SHA256

a23b88938a22c85d32e6e74a538281f724db6f4bfc6adc869f9aeee58855e149
SHA512

cf0b70f2333897eda18f80d4456700f91b462b4d0af9e3ae99dcc43b45b45d27b503691528c47b9be1c2ae8b3bc96d92c6966cf1d6a014bbcdfb64d94710c893
SSDEEP

1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+u60GAzQj1l72HBe2EdWfRZrmW+IFj:Ted0W0MZQHwd6RZrmW+IFB1Dt1hR/

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.251.79.180:12345

Targets

- Target
  
  a23b88938a22c85d32e6e74a538281f724db6f4bfc6adc869f9aeee58855e149.elf
- Size
  
  123KB
- MD5
  
  89baf8a811dc892fc622c12d249fec06
- SHA1
  
  d04ae8d3fc365aa2d7499f8120069666881bf794
- SHA256
  
  a23b88938a22c85d32e6e74a538281f724db6f4bfc6adc869f9aeee58855e149
- SHA512
  
  cf0b70f2333897eda18f80d4456700f91b462b4d0af9e3ae99dcc43b45b45d27b503691528c47b9be1c2ae8b3bc96d92c6966cf1d6a014bbcdfb64d94710c893
- SSDEEP
  
  1536:M7je1TMGq+f+AQ2rK7zeXeReXe8V2rK7Ie+u60GAzQj1l72HBe2EdWfRZrmW+IFj:Ted0W0MZQHwd6RZrmW+IFB1Dt1hR/
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1