gafgyt | 6d24702a82cd555d36c72b8eb608aade1aea5945e746189bd208b153472a882e | Triage

Sharing

General

Target

6d24702a82cd555d36c72b8eb608aade1aea5945e746189bd208b153472a882e.elf
Size

155KB
Sample

250224-dg5asaylcv
MD5

eda2256fafedd04041d78793d0359fd7
SHA1

afb2c129d04c7ed135bf5c47966e3448e73518a4
SHA256

6d24702a82cd555d36c72b8eb608aade1aea5945e746189bd208b153472a882e
SHA512

786166404f8133dda66068a24b161cd30071c12aaad3c9f48565c8e58124d00220bd43af7d801b69eab8e47cba6fca2c5b2d46124e57efd7f1b05d6f39f4b9ca
SSDEEP

3072:a8L2FlZkVf62TCX5hGhfNphahpCn38ntVAlZn31mBT38dAY4:Ms1Nphabka6lmBT38dAY4

Score

10^/10

gafgyt discovery linux

Malware Config

Extracted

Family

gafgyt

C2

37.44.238.66:5334

Targets

- Target
  
  6d24702a82cd555d36c72b8eb608aade1aea5945e746189bd208b153472a882e.elf
- Size
  
  155KB
- MD5
  
  eda2256fafedd04041d78793d0359fd7
- SHA1
  
  afb2c129d04c7ed135bf5c47966e3448e73518a4
- SHA256
  
  6d24702a82cd555d36c72b8eb608aade1aea5945e746189bd208b153472a882e
- SHA512
  
  786166404f8133dda66068a24b161cd30071c12aaad3c9f48565c8e58124d00220bd43af7d801b69eab8e47cba6fca2c5b2d46124e57efd7f1b05d6f39f4b9ca
- SSDEEP
  
  3072:a8L2FlZkVf62TCX5hGhfNphahpCn38ntVAlZn31mBT38dAY4:Ms1Nphabka6lmBT38dAY4
Score

6^/10

discovery
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1