gafgyt | dd8d57df26725ee577a5fb8f90945bff74fafa27d1a73e5bf46237bd7175fe59 | Triage

Sharing

General

Target

dd8d57df26725ee577a5fb8f90945bff74fafa27d1a73e5bf46237bd7175fe59.elf
Size

181KB
Sample

250219-gh8w5synax
MD5

f219af8c0dc8fd3385c6a1ae73fe0fc6
SHA1

f800743d4d7cf76a9568da4adb96ade12b6ec9f4
SHA256

dd8d57df26725ee577a5fb8f90945bff74fafa27d1a73e5bf46237bd7175fe59
SHA512

97571589bbf75de9f5188ae8b9c90981d077e44a5bef3f22e01d3fd9154f76f3865ee2871f68dedbad7463d464a0eb2ee6bef6118c89f605de700c8bde43f348
SSDEEP

1536:rMm6eTXdOjOMvWCv6yCmZm0PF+3ArrUcVind94hnzFmlQDFmzVu6nm7:r7Ojp6ESurSnqnzFmlsFmzVu6nm7

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

84.200.154.119:4567

Targets

- Target
  
  dd8d57df26725ee577a5fb8f90945bff74fafa27d1a73e5bf46237bd7175fe59.elf
- Size
  
  181KB
- MD5
  
  f219af8c0dc8fd3385c6a1ae73fe0fc6
- SHA1
  
  f800743d4d7cf76a9568da4adb96ade12b6ec9f4
- SHA256
  
  dd8d57df26725ee577a5fb8f90945bff74fafa27d1a73e5bf46237bd7175fe59
- SHA512
  
  97571589bbf75de9f5188ae8b9c90981d077e44a5bef3f22e01d3fd9154f76f3865ee2871f68dedbad7463d464a0eb2ee6bef6118c89f605de700c8bde43f348
- SSDEEP
  
  1536:rMm6eTXdOjOMvWCv6yCmZm0PF+3ArrUcVind94hnzFmlQDFmzVu6nm7:r7Ojp6ESurSnqnzFmlsFmzVu6nm7
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1