gafgyt | 0452cb3fb8453b54cb19ef75f560e2f7fea4ab7eb30af9659eaaddb241a28a53 | Triage

Sharing

General

Target

0452cb3fb8453b54cb19ef75f560e2f7fea4ab7eb30af9659eaaddb241a28a53.elf
Size

141KB
Sample

250224-cgbsssyqcl
MD5

055b38ec59b86c46c13c0e2167085c8f
SHA1

4bfd016c645caf44b4f4f22a20a4e552102f8b52
SHA256

0452cb3fb8453b54cb19ef75f560e2f7fea4ab7eb30af9659eaaddb241a28a53
SHA512

5a5b7a63afe9bf4bb0e2770bf9c3d562eb30f86a3c4572a4658f73f258fa40e546f822ff59e5d44f7ee94e289bdc644e1e3c82f0ddb7202474cc11485c355d3e
SSDEEP

3072:lBDH4L9VHGn7vs25h9DLHpVFm0/5ApYADn:lhHaWvs25h9Hp7m0/5ASADn

Score

10^/10

gafgyt discovery

Malware Config

Extracted

Family

gafgyt

C2

173.208.190.227:4258

Targets

- Target
  
  0452cb3fb8453b54cb19ef75f560e2f7fea4ab7eb30af9659eaaddb241a28a53.elf
- Size
  
  141KB
- MD5
  
  055b38ec59b86c46c13c0e2167085c8f
- SHA1
  
  4bfd016c645caf44b4f4f22a20a4e552102f8b52
- SHA256
  
  0452cb3fb8453b54cb19ef75f560e2f7fea4ab7eb30af9659eaaddb241a28a53
- SHA512
  
  5a5b7a63afe9bf4bb0e2770bf9c3d562eb30f86a3c4572a4658f73f258fa40e546f822ff59e5d44f7ee94e289bdc644e1e3c82f0ddb7202474cc11485c355d3e
- SSDEEP
  
  3072:lBDH4L9VHGn7vs25h9DLHpVFm0/5ApYADn:lhHaWvs25h9Hp7m0/5ASADn
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1