gafgyt | d71a424563270b288070cd8e7c35e0636422c96a24f7e39ba6eb4c1be4b48d14 | Triage

Sharing

General

Target

d71a424563270b288070cd8e7c35e0636422c96a24f7e39ba6eb4c1be4b48d14.elf
Size

118KB
Sample

250219-gh63jszrx9
MD5

230fded12db7339d3a9fef64248e25a9
SHA1

e41493b48e0ffcdd3f84ce7fbf7c37e367dbef51
SHA256

d71a424563270b288070cd8e7c35e0636422c96a24f7e39ba6eb4c1be4b48d14
SHA512

9263f03e6feb56b55cb133918aaacb45fa7495634377bce017505a30c02b66ae693e6cc72cf985fb5c27eb689543792617ba4c22580927f9df919b8fb6527bbd
SSDEEP

3072:ekYPUfsgnsb0J2ag/VfCkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0CkDy+mTQOY5R3cn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

87.251.79.180:12345

Targets

- Target
  
  d71a424563270b288070cd8e7c35e0636422c96a24f7e39ba6eb4c1be4b48d14.elf
- Size
  
  118KB
- MD5
  
  230fded12db7339d3a9fef64248e25a9
- SHA1
  
  e41493b48e0ffcdd3f84ce7fbf7c37e367dbef51
- SHA256
  
  d71a424563270b288070cd8e7c35e0636422c96a24f7e39ba6eb4c1be4b48d14
- SHA512
  
  9263f03e6feb56b55cb133918aaacb45fa7495634377bce017505a30c02b66ae693e6cc72cf985fb5c27eb689543792617ba4c22580927f9df919b8fb6527bbd
- SSDEEP
  
  3072:ekYPUfsgnsb0J2ag/VfCkDN0dn+mTQOY5NX3cn:9YPUfsgEo2a0CkDy+mTQOY5R3cn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1