gafgyt | c8514ef7562bcfe21c8c63ce9d88394ad4341d4aed606eb5c81ed37c05606d5a | Triage

Sharing

General

Target

c8514ef7562bcfe21c8c63ce9d88394ad4341d4aed606eb5c81ed37c05606d5a.elf
Size

181KB
Sample

250219-ga87yaylej
MD5

17093ead9364b8a8758a7f7e21c89ce2
SHA1

87777d538359c8348e71c6591a710a9629b76ed6
SHA256

c8514ef7562bcfe21c8c63ce9d88394ad4341d4aed606eb5c81ed37c05606d5a
SHA512

623b304da3117baa765d03a43056fa947568ac6bdc61354036ddcfd0aabf624bc42fa51163eedc7f61e9743658d1c7c16422842dd745d963d139770f57ea266f
SSDEEP

3072:RUkUQWXBwRUY5Ab9mGxY/5JFvMuVZA+DdVun3bhS8IRzbenrFjr//URgFIFmlsFx:kQYTagFIFmlsFmzVu6nm7

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

84.200.154.119:4567

Targets

- Target
  
  c8514ef7562bcfe21c8c63ce9d88394ad4341d4aed606eb5c81ed37c05606d5a.elf
- Size
  
  181KB
- MD5
  
  17093ead9364b8a8758a7f7e21c89ce2
- SHA1
  
  87777d538359c8348e71c6591a710a9629b76ed6
- SHA256
  
  c8514ef7562bcfe21c8c63ce9d88394ad4341d4aed606eb5c81ed37c05606d5a
- SHA512
  
  623b304da3117baa765d03a43056fa947568ac6bdc61354036ddcfd0aabf624bc42fa51163eedc7f61e9743658d1c7c16422842dd745d963d139770f57ea266f
- SSDEEP
  
  3072:RUkUQWXBwRUY5Ab9mGxY/5JFvMuVZA+DdVun3bhS8IRzbenrFjr//URgFIFmlsFx:kQYTagFIFmlsFmzVu6nm7
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1