General

  • Target

    felkawtf.i686.elf

  • Size

    82KB

  • Sample

    250220-ypa25atnfm

  • MD5

    35e881ca3f8f00163b2a2596642ff619

  • SHA1

    555423b5cc3b950babad9805fee9480dd854712c

  • SHA256

    d1176ae598bf0156c072814e487c712e98113ce057c9f185d3bda08658d16a01

  • SHA512

    2c6452c77ff6fb80449c424f6a2d8a1fc1dc61179eb131d1453b72d2003205c4109fe826e80b8c7ffd0ee4061a56bbc92f9df94de65be16816951bbef3230aea

  • SSDEEP

    1536:6/0diomMnECdWGmAzlIRP4QIwbX2X/ACaLpKn9zmLItVOCjXZRshS:hiBwEtzmlIR/xKYzLpKn9zmUtVOCbZR3

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

15.204.128.30:6140

Targets

    • Target

      felkawtf.i686.elf

    • Size

      82KB

    Score
    6/10
    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.
