gafgyt | 5baa4ccd39546027550ae86a1a2e4c10f4a2613d8918b66705c4ad61697e8a0b | Triage

Sharing

General

Target

5baa4ccd39546027550ae86a1a2e4c10f4a2613d8918b66705c4ad61697e8a0b.elf
Size

118KB
Sample

250221-dqcxws1rcp
MD5

ed04c5cae8f614e010ecd49c43beb7d7
SHA1

911c0c5dca9f715b2a6278141529079c472ecf9b
SHA256

5baa4ccd39546027550ae86a1a2e4c10f4a2613d8918b66705c4ad61697e8a0b
SHA512

3729296982edc90953f66ccdd34b9253fa648abaa467a6cf00e595c047d5f58d81ecd71b1eff01293aaf52db1cd1aeb5d356acf33dd4edbbaa6ce6934c64eb99
SSDEEP

1536:47je1TNWquXQ8xe3byv2rKlKgsrzOQuQZeKdSRf6YkzCwSUmkixFxfC7cgjQ:XT5rzOQuQFsf6YxwSUmkixFxfKcgjQ

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

15.204.128.30:6140

Targets

- Target
  
  5baa4ccd39546027550ae86a1a2e4c10f4a2613d8918b66705c4ad61697e8a0b.elf
- Size
  
  118KB
- MD5
  
  ed04c5cae8f614e010ecd49c43beb7d7
- SHA1
  
  911c0c5dca9f715b2a6278141529079c472ecf9b
- SHA256
  
  5baa4ccd39546027550ae86a1a2e4c10f4a2613d8918b66705c4ad61697e8a0b
- SHA512
  
  3729296982edc90953f66ccdd34b9253fa648abaa467a6cf00e595c047d5f58d81ecd71b1eff01293aaf52db1cd1aeb5d356acf33dd4edbbaa6ce6934c64eb99
- SSDEEP
  
  1536:47je1TNWquXQ8xe3byv2rKlKgsrzOQuQZeKdSRf6YkzCwSUmkixFxfC7cgjQ:XT5rzOQuQFsf6YxwSUmkixFxfKcgjQ
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1