gafgyt | b75cefcdafee155afd3ca7e3a45cf889cf425022cee951d1c4e7c698a8973bac | Triage

Sharing

General

Target

strix.i686.elf
Size

139KB
Sample

250223-wdfr5avqs9
MD5

83feaa06a0d71cbf5f81278365579714
SHA1

90fe6f09271104654a7ba4290dc360d7c1d3d286
SHA256

b75cefcdafee155afd3ca7e3a45cf889cf425022cee951d1c4e7c698a8973bac
SHA512

9e0025fe9e85da0dc7bcbf9e06cc09fa4330bbc4be46161117fbb7122af7c1338abb2095e600ffb16693fe030895ecc497b709b9232b9ed760e82ac2df11fea9
SSDEEP

3072:yclx0/BKMUytBXSwwi3yMzS5h6NFl/0mJswdytNr9:y3xrXZzS5hEWmJswdytNr9

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

37.44.238.66:5334

Targets

- Target
  
  strix.i686.elf
- Size
  
  139KB
- MD5
  
  83feaa06a0d71cbf5f81278365579714
- SHA1
  
  90fe6f09271104654a7ba4290dc360d7c1d3d286
- SHA256
  
  b75cefcdafee155afd3ca7e3a45cf889cf425022cee951d1c4e7c698a8973bac
- SHA512
  
  9e0025fe9e85da0dc7bcbf9e06cc09fa4330bbc4be46161117fbb7122af7c1338abb2095e600ffb16693fe030895ecc497b709b9232b9ed760e82ac2df11fea9
- SSDEEP
  
  3072:yclx0/BKMUytBXSwwi3yMzS5h6NFl/0mJswdytNr9:y3xrXZzS5hEWmJswdytNr9
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1