gafgyt | ad21c5195ca77b03531a22273339970030166163682c7e31a25951673e5ae51a | Triage

Sharing

General

Target

ad21c5195ca77b03531a22273339970030166163682c7e31a25951673e5ae51a.elf
Size

175KB
Sample

250219-fxpldazmv7
MD5

6c96dc18ae26532d7154d6a8604f6037
SHA1

32556bc72a00a8382f7f2d5ad184d26a059ae109
SHA256

ad21c5195ca77b03531a22273339970030166163682c7e31a25951673e5ae51a
SHA512

5fa577c9dace4c279c818dd182334f3ae8fdb60f0a77ccd5dd825710e7062dbaf8194655cde736bba347d792a37f4760d458720ebd63452e7e8a0d1bf05a4577
SSDEEP

3072:LPa+ieKJ4BLkTCxUnpPS4IulfGIDwaNR6ia/T5VeZZ8T8Os4UyIDAtmAQAWMXj18:wwia/T5Vls4Uy2AtmAQAWij18

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

84.200.154.119:4567

Targets

- Target
  
  ad21c5195ca77b03531a22273339970030166163682c7e31a25951673e5ae51a.elf
- Size
  
  175KB
- MD5
  
  6c96dc18ae26532d7154d6a8604f6037
- SHA1
  
  32556bc72a00a8382f7f2d5ad184d26a059ae109
- SHA256
  
  ad21c5195ca77b03531a22273339970030166163682c7e31a25951673e5ae51a
- SHA512
  
  5fa577c9dace4c279c818dd182334f3ae8fdb60f0a77ccd5dd825710e7062dbaf8194655cde736bba347d792a37f4760d458720ebd63452e7e8a0d1bf05a4577
- SSDEEP
  
  3072:LPa+ieKJ4BLkTCxUnpPS4IulfGIDwaNR6ia/T5VeZZ8T8Os4UyIDAtmAQAWMXj18:wwia/T5Vls4Uy2AtmAQAWij18
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1