gafgyt | d9748509c0799d61ab3dffdc9513657865d41ee8340654c5983f5a71a994d936 | Triage

Sharing

General

Target

felkawtf.i586.elf
Size

79KB
Sample

250220-ypwntsvrv4
MD5

cb59acf08eae97467b1ecb66c06c34d6
SHA1

9a6c6a1429a6071addbd00e23c39bc43f2d115f7
SHA256

d9748509c0799d61ab3dffdc9513657865d41ee8340654c5983f5a71a994d936
SHA512

7a9c4c198e50a4315fba54525d8535c0397655f912b98e75a62e013b849aaafa472ec10ad1854d7312cb1243aaa8a5ce901439fe5b353df7930e17516a7b5a35
SSDEEP

1536:Yof4eXCUCUoRLKHnmrTH5bE9ohl/9vrklFmrJHiPJ4mLItVOCjXZRshS:YoFCUCUoR2Hnm3ZbcohZ9jttiPemUtV7

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

15.204.128.30:6140

Targets

- Target
  
  felkawtf.i586.elf
- Size
  
  79KB
- MD5
  
  cb59acf08eae97467b1ecb66c06c34d6
- SHA1
  
  9a6c6a1429a6071addbd00e23c39bc43f2d115f7
- SHA256
  
  d9748509c0799d61ab3dffdc9513657865d41ee8340654c5983f5a71a994d936
- SHA512
  
  7a9c4c198e50a4315fba54525d8535c0397655f912b98e75a62e013b849aaafa472ec10ad1854d7312cb1243aaa8a5ce901439fe5b353df7930e17516a7b5a35
- SSDEEP
  
  1536:Yof4eXCUCUoRLKHnmrTH5bE9ohl/9vrklFmrJHiPJ4mLItVOCjXZRshS:YoFCUCUoR2Hnm3ZbcohZ9jttiPemUtV7
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1